Lucene search

[email protected]CVE-2009-2218

HistoryJun 25, 2009 - 11:14 p.m.

CVE-2009-2218

2009-06-2523:14:15

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-2218

php

remote file inclusion

phpcollegeexchange

vulnerability

nvd

security

php code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.

Affected configurations

NVD

Node

david_degnerphpcollegeexchangeMatch0.1.5c

CPENameOperatorVersion
david_degner:phpcollegeexchangedavid degner phpcollegeexchangeeq0.1.5c

CPE	Name	Operator	Version
david_degner:phpcollegeexchange	david degner phpcollegeexchange	eq	0.1.5c

References

secunia.com/advisories/35452

www.exploit-db.com/exploits/9008

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2009-2218

prion1 cvelist1 nvd1