Lucene search

[email protected]CVE-2009-1774

HistoryMay 22, 2009 - 6:30 p.m.

CVE-2009-1774

2009-05-2218:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-1774

directory traversal

strawberry 1.1.1

remote attack

arbitrary file execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

strawberrystrawberryMatch1.1.1

CPENameOperatorVersion
strawberry:strawberrystrawberryeq1.1.1

CPE	Name	Operator	Version
strawberry:strawberry	strawberry	eq	1.1.1

References

secunia.com/advisories/28330

www.securityfocus.com/bid/34971

exchange.xforce.ibmcloud.com/vulnerabilities/50562

www.exploit-db.com/exploits/8681

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2009-1774

nvd1 canvas1 prion1 cvelist1