Lucene search
HistoryJul 07, 2009 - 11:30 p.m.
CVE-2009-2353
eaccelerator
encoder.php
remote code execution
file upload
cve-2009-2353
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.8%
encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
Affected configurations
Node
eacceleratoreacceleratorMatch0.9.4
OReacceleratoreacceleratorMatch0.9.5
OReacceleratoreacceleratorMatch0.9.5beta1
OReacceleratoreacceleratorMatch0.9.5beta2
OReacceleratoreacceleratorMatch0.9.5rc1
OReacceleratoreacceleratorMatch0.9.5.1
OReacceleratoreacceleratorMatch0.9.5.2
OReacceleratoreacceleratorMatch0.9.5.3
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
2009-08-17 00:00:00
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
2009-08-17 00:00:00
cvelist
cvelist
CVE-2009-2353
2009-07-07 23:00:00
nvd
nvd
CVE-2009-2353
2009-07-07 23:30:00
prion
prion
Design/Logic Flaw
2009-07-07 23:30:00
nessus
nessus
eAccelerator encoder.php File Backup
2009-07-22 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
85.8%
Related for CVE-2009-2353