Loading
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
Use Mercur vendor hub and Mercur Messaging product page to widen CVE-2005-1657 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2006-1255 and CVE-2005-1656 for nearby disclosures in the same product family.