Lucene search

[email protected]CVE-2009-1314

HistoryApr 17, 2009 - 12:30 a.m.

CVE-2009-1314

2009-04-1700:30:00

[email protected]

web.nvd.nist.gov

cve

web file explorer

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

Affected configurations

NVD

Node

webfileexplorerweb_file_explorerMatch3.1

CPENameOperatorVersion
webfileexplorer:web_file_explorerwebfileexplorer web file explorereq3.1

CPE	Name	Operator	Version
webfileexplorer:web_file_explorer	webfileexplorer web file explorer	eq	3.1

References

exchange.xforce.ibmcloud.com/vulnerabilities/50389

www.exploit-db.com/exploits/8382

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2009-1314

nvd1 cvelist1 prion1