Lucene search

MitreCVE-2009-0371

HistoryJan 30, 2009 - 7:30 p.m.

CVE-2009-0371

2009-01-3019:30:00

CWE-22

mitre

web.nvd.nist.gov

cve

2009

0371

directory traversal

vulnerability

sitexs cms

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the type parameter.

Affected configurations

Nvd

Node

sitexs_cmssitexs_cmsRange≤0.1.1pre-alpha

sitexs_cmssitexs_cmsMatch0.1pre-alpha

VendorProductVersionCPE
sitexs_cmssitexs_cms*cpe:2.3:a:sitexs_cms:sitexs_cms:*:pre-alpha:*:*:*:*:*:*
sitexs_cmssitexs_cms0.1cpe:2.3:a:sitexs_cms:sitexs_cms:0.1:pre-alpha:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitexs_cms	sitexs_cms	*	cpe:2.3:a:sitexs_cms:sitexs_cms::pre-alpha::::::*
sitexs_cms	sitexs_cms	0.1	cpe:2.3:a:sitexs_cms:sitexs_cms:0.1:pre-alpha::::::

References

www.securityfocus.com/bid/33457

www.vupen.com/english/advisories/2009/0247

exchange.xforce.ibmcloud.com/vulnerabilities/48236

www.exploit-db.com/exploits/7879

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.007

Percentile

80.1%

JSON

Related for CVE-2009-0371