Lucene search

[email protected]CVE-2009-1739

HistoryMay 20, 2009 - 7:30 p.m.

CVE-2009-1739

2009-05-2019:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-1739

pad site scripts 3.6

authentication bypass

remote attack

privilege escalation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.

Affected configurations

NVD

Node

phpeasycodepad_site_scriptsMatch3.6

CPENameOperatorVersion
phpeasycode:pad_site_scriptsphpeasycode pad site scriptseq3.6

CPE	Name	Operator	Version
phpeasycode:pad_site_scripts	phpeasycode pad site scripts	eq	3.6

References

osvdb.org/54593

secunia.com/advisories/35155

www.securityfocus.com/bid/35027

exchange.xforce.ibmcloud.com/vulnerabilities/50622

www.exploit-db.com/exploits/8735

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2009-1739

prion1 cvelist1 nvd1