Lucene search

MitreCVE-2009-0251

HistoryJan 22, 2009 - 4:30 p.m.

CVE-2009-0251

2009-01-2216:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-0251

static code injection

ryneezy phosheezy 0.2

admin.php

remote authenticated

arbitrary php code

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

72.0%

JSON

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

ryneezyphosheezyMatch0.2

VendorProductVersionCPE
ryneezyphosheezy0.2cpe:2.3:a:ryneezy:phosheezy:0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ryneezy	phosheezy	0.2	cpe:2.3:a:ryneezy:phosheezy:0.2:::::::*

References

osvdb.org/51412

secunia.com/advisories/33531

securityreason.com/securityalert/4935

www.exploit-db.com/exploits/7780

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

72.0%

JSON

Related for CVE-2009-0251