Lucene search

[email protected]CVE-2009-1765

HistoryMay 22, 2009 - 6:30 p.m.

CVE-2009-1765

2009-05-2218:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-1765

directory traversal

remote file inclusion

pluck 4.6.2

nvd

cve-2008-3194

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.037 Low

EPSS

Percentile

91.8%

JSON

Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.

Affected configurations

NVD

Node

pluck-cmspluckMatch4.6.2

CPENameOperatorVersion
pluck-cms:pluckpluck-cms pluckeq4.6.2

CPE	Name	Operator	Version
pluck-cms:pluck	pluck-cms pluck	eq	4.6.2

References

secunia.com/advisories/35145

www.securityfocus.com/bid/35007

www.exploit-db.com/exploits/8715

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2009-1765

prion3 cvelist3 nvd3 canvas1 cve2