Lucene search

MitreCVE-2009-0275

HistoryJan 26, 2009 - 8:30 p.m.

CVE-2009-0275

2009-01-2620:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-0275

static code injection

ryneezy phosheezy

admin.php vulnerability

remote code injection

php code injection

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

ryneezyphosheezyMatch0.2

VendorProductVersionCPE
ryneezyphosheezy0.2cpe:2.3:a:ryneezy:phosheezy:0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ryneezy	phosheezy	0.2	cpe:2.3:a:ryneezy:phosheezy:0.2:::::::*

References

secunia.com/advisories/33531

www.osvdb.org/51412

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2009-0275