Lucene search

MitreCVE-2009-0592

HistoryFeb 16, 2009 - 5:30 p.m.

CVE-2009-0592

2009-02-1617:30:04

CWE-22

mitre

web.nvd.nist.gov

cve-2009-0592

directory traversal

pnphpbb2

remote attackers

arbitrary files

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.

Affected configurations

Nvd

Node

pnphpbbpnphpbb2Range≤1.2i

pnphpbbpnphpbb2Match1.0

pnphpbbpnphpbb2Match1.1

pnphpbbpnphpbb2Match1.1a

pnphpbbpnphpbb2Match1.2

pnphpbbpnphpbb2Match1.2a

pnphpbbpnphpbb2Match1.2d

pnphpbbpnphpbb2Match1.2e

pnphpbbpnphpbb2Match1.2f

pnphpbbpnphpbb2Match1.2g

pnphpbbpnphpbb2Match1.2hrc3b

VendorProductVersionCPE
pnphpbbpnphpbb2*cpe:2.3:a:pnphpbb:pnphpbb2:*:*:*:*:*:*:*:*
pnphpbbpnphpbb21.0cpe:2.3:a:pnphpbb:pnphpbb2:1.0:*:*:*:*:*:*:*
pnphpbbpnphpbb21.1cpe:2.3:a:pnphpbb:pnphpbb2:1.1:*:*:*:*:*:*:*
pnphpbbpnphpbb21.1acpe:2.3:a:pnphpbb:pnphpbb2:1.1a:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2cpe:2.3:a:pnphpbb:pnphpbb2:1.2:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2acpe:2.3:a:pnphpbb:pnphpbb2:1.2a:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2dcpe:2.3:a:pnphpbb:pnphpbb2:1.2d:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2ecpe:2.3:a:pnphpbb:pnphpbb2:1.2e:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2fcpe:2.3:a:pnphpbb:pnphpbb2:1.2f:*:*:*:*:*:*:*
pnphpbbpnphpbb21.2gcpe:2.3:a:pnphpbb:pnphpbb2:1.2g:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pnphpbb	pnphpbb2	*	cpe:2.3:a:pnphpbb:pnphpbb2::::::::
pnphpbb	pnphpbb2	1.0	cpe:2.3:a:pnphpbb:pnphpbb2:1.0:::::::*
pnphpbb	pnphpbb2	1.1	cpe:2.3:a:pnphpbb:pnphpbb2:1.1:::::::*
pnphpbb	pnphpbb2	1.1a	cpe:2.3:a:pnphpbb:pnphpbb2:1.1a:::::::*
pnphpbb	pnphpbb2	1.2	cpe:2.3:a:pnphpbb:pnphpbb2:1.2:::::::*
pnphpbb	pnphpbb2	1.2a	cpe:2.3:a:pnphpbb:pnphpbb2:1.2a:::::::*
pnphpbb	pnphpbb2	1.2d	cpe:2.3:a:pnphpbb:pnphpbb2:1.2d:::::::*
pnphpbb	pnphpbb2	1.2e	cpe:2.3:a:pnphpbb:pnphpbb2:1.2e:::::::*
pnphpbb	pnphpbb2	1.2f	cpe:2.3:a:pnphpbb:pnphpbb2:1.2f:::::::*
pnphpbb	pnphpbb2	1.2g	cpe:2.3:a:pnphpbb:pnphpbb2:1.2g:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/33365

www.securityfocus.com/bid/33103

www.exploit-db.com/exploits/7658

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.025

Percentile

90.2%

JSON

Related for CVE-2009-0592