Lucene search

[email protected]CVE-2009-2333

HistoryJul 05, 2009 - 4:30 p.m.

CVE-2009-2333

2009-07-0516:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cms chainuk

directory traversal

vulnerabilities

remote attackers

code injection

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a … (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a … (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=…/menu.csv request to index.php.

Affected configurations

NVD

Node

cms.tut.sucms_chainukRange≤1.2

CPENameOperatorVersion
cms.tut.su:cms_chainukcms.tut.su cms chainukle1.2

CPE	Name	Operator	Version
cms.tut.su:cms_chainuk	cms.tut.su cms chainuk	le	1.2

References

osvdb.org/55666

osvdb.org/55667

osvdb.org/55668

osvdb.org/55669

www.exploit-db.com/exploits/9069

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2009-2333

cvelist1 nvd1 prion1