Lucene search
HistoryApr 02, 2009 - 3:30 p.m.
CVE-2009-1226
podcast generator
access restriction
administrative functions
remote attackers
arbitrary files
file parameter
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.6%
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
Affected configurations
Node
podcast_generatorpodcast_generatorRange≤1.1
ORpodcast_generatorpodcast_generatorMatch0.6
ORpodcast_generatorpodcast_generatorMatch0.8
ORpodcast_generatorpodcast_generatorMatch0.9
ORpodcast_generatorpodcast_generatorMatch0.81
ORpodcast_generatorpodcast_generatorMatch0.91
ORpodcast_generatorpodcast_generatorMatch0.92
ORpodcast_generatorpodcast_generatorMatch0.93
ORpodcast_generatorpodcast_generatorMatch0.94
ORpodcast_generatorpodcast_generatorMatch0.95
ORpodcast_generatorpodcast_generatorMatch0.96
ORpodcast_generatorpodcast_generatorMatch0.96.2
ORpodcast_generatorpodcast_generatorMatch1.0
ORpodcast_generatorpodcast_generatorMatch1.0beta_2
ORpodcast_generatorpodcast_generatorMatch1.0_beta
ORpodcast_generatorpodcast_generatorMatch1.0_beta2
ORpodcast_generatorpodcast_generatorMatch1.0_beta3
ORpodcast_generatorpodcast_generatorMatch1.0_beta4
ORpodcast_generatorpodcast_generatorMatch1.0_beta4a
Related
nvd
nvd
CVE-2009-1226
2009-04-02 15:30:00
cvelist
cvelist
CVE-2009-1226
2009-04-02 15:00:00
prion
prion
Code injection
2009-04-02 15:30:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.6%
Related for CVE-2009-1226