Lucene search

[email protected]CVE-2009-2110

HistoryJun 18, 2009 - 9:30 p.m.

CVE-2009-2110

2009-06-1821:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-2110

directory traversal

db top sites 1.0

security vulnerability

nvd

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.

Affected configurations

NVD

Node

jnmsolutionsdb_top_sitesMatch1.0

CPENameOperatorVersion
jnmsolutions:db_top_sitesjnmsolutions db top siteseq1.0

CPE	Name	Operator	Version
jnmsolutions:db_top_sites	jnmsolutions db top sites	eq	1.0

References

osvdb.org/55116

osvdb.org/55117

osvdb.org/55118

secunia.com/advisories/35419

exchange.xforce.ibmcloud.com/vulnerabilities/51120

www.exploit-db.com/exploits/8952

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for CVE-2009-2110

prion1 nvd1 cvelist1