Lucene search

[email protected]CVE-2009-2263

HistoryJun 30, 2009 - 10:30 a.m.

CVE-2009-2263

2009-06-3010:30:22

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

2263

directory traversal

php

mega file manager

vulnerability

remote execution

unc

ftp

ftps

ssh2

sftp

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected configurations

NVD

Node

awesomephpmega_file_managerMatch1.0

CPENameOperatorVersion
awesomephp:mega_file_managerawesomephp mega file managereq1.0

CPE	Name	Operator	Version
awesomephp:mega_file_manager	awesomephp mega file manager	eq	1.0

References

secunia.com/advisories/35545

www.exploit-db.com/exploits/9025

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2009-2263

prion1 cvelist1 nvd1