Lucene search

[email protected]CVE-2009-0294

HistoryJan 27, 2009 - 8:30 p.m.

CVE-2009-0294

2009-01-2720:30:00

CWE-94

[email protected]

web.nvd.nist.gov

security

php

remote file inclusion

vulnerability

cve-2009-0294

nvd

wb news

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288.

CPENameOperatorVersion
webmobo:wbnewswebmobo wbnewseq2.0.1

CPE	Name	Operator	Version
webmobo:wbnews	webmobo wbnews	eq	2.0.1

References

secunia.com/advisories/33691

www.securityfocus.com/archive/1/500398/100/0/threaded

www.securityfocus.com/bid/33434

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2009-0294

prion2 securityvulns1 cve1