CVE-2005-4095 in DoceboLMS

Summary

by MITRE

Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.


Analysis

by VulDB Data Team • 06/14/2025

The vulnerability identified as CVE-2005-4095 represents a critical directory traversal flaw within the fckeditor2rc2 addon of DoceboLMS 2.0.4. This security weakness resides in the connector.php file and specifically affects the GetFoldersAndFiles command implementation. The vulnerability stems from inadequate input validation and sanitization mechanisms that fail to properly restrict user-supplied data from being processed within file system operations. Attackers can exploit this weakness by manipulating the Type parameter through the use of ".." sequences, which are standard directory traversal indicators that allow navigation up directory trees.

The technical exploitation of this vulnerability occurs when the application processes user input without proper validation, enabling attackers to craft malicious requests that bypass normal file access controls. The flaw allows remote threat actors to enumerate arbitrary files and directories on the affected system, potentially exposing sensitive information such as configuration files, source code, or other system resources. This directory traversal capability enables attackers to access files outside of the intended application directory structure, creating a significant information disclosure risk. The vulnerability operates at the application layer and can be leveraged without requiring authentication, making it particularly dangerous as it can be exploited by anyone with access to the vulnerable system.

From an operational impact perspective, this vulnerability compromises the confidentiality and integrity of the affected DoceboLMS installation. The ability to list arbitrary directories and files can lead to comprehensive reconnaissance of the system's file structure, potentially revealing sensitive components such as database configuration files, administrative scripts, or other critical system resources. The vulnerability also creates opportunities for further exploitation, as attackers may discover additional weaknesses through the enumeration process. The impact extends beyond simple information disclosure, as the traversal capability can be combined with other vulnerabilities to achieve more severe consequences including arbitrary code execution or complete system compromise.

Security professionals should implement immediate mitigations including input validation and sanitization of all user-supplied parameters, particularly those used in file system operations. The recommended approach involves implementing strict whitelisting of allowed directory paths and ensuring that all user input undergoes comprehensive validation before being processed. Organizations should also consider implementing proper access controls and privilege separation to limit the damage that can be caused by such vulnerabilities. This weakness aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory, and can be mapped to ATT&CK technique T1083 for directory traversal and T1005 for data from local system. The vulnerability demonstrates the critical importance of secure coding practices and input validation in preventing path traversal attacks that have been a persistent threat in web application security for many years.
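One way to apply the allowlist and path restriction recommended above, as an added example that is not DoceboLMS or FCKeditor code. The function name `resolveTypeDir`, the `ALLOWED_TYPES` list and the upload-root layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical resolver, not DoceboLMS or FCKeditor code.
// Maps the connector's Type parameter to a directory under a fixed upload root.

const ALLOWED_TYPES = ['File', 'Image', 'Flash', 'Media']; // assumed type names

function resolveTypeDir(string $uploadRoot, string $type): string
{
    // 1. Allowlist: exact match only, so ".." and path separators
    //    never reach the filesystem layer.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('Unknown resource type');
    }

    // 2. Canonicalize both paths; realpath() resolves ".." and symlinks
    //    and returns false when the path does not exist.
    $root = realpath($uploadRoot);
    $dir  = realpath($uploadRoot . DIRECTORY_SEPARATOR . $type);
    if ($root === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException('Resource directory not available');
    }

    // 3. Containment: the resolved directory must sit under the root, which
    //    still matters after step 1 if an allowed directory is a symlink.
    //    The trailing separator stops "/srv/uploads-old" matching "/srv/uploads".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($dir . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('Resolved path escapes upload root');
    }
    return $dir;
}

// Constructed demo: build a temporary upload root and try several Type values.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'Image', 0700, true);

foreach (['Image', '..', 'Image/../..', 'Flash'] as $type) {
    try {
        echo str_pad($type, 14), ' -> ', resolveTypeDir($root, $type), PHP_EOL;
    } catch (Exception $e) {
        echo str_pad($type, 14), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

In the demo only `Image` resolves; the `..` values fail the allowlist, and `Flash` is rejected because no such directory exists under the constructed root.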

Reservation

12/08/2005

Disclosure

12/08/2005

Moderation

accepted

Entry

VDB-27378

CPE

ready

Exploit

Download

EPSS

0.08473

KEV

no

Activities

very low
