Lucene search

[email protected]CVE-2009-2379

HistoryJul 08, 2009 - 3:30 p.m.

CVE-2009-2379

2009-07-0815:30:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

2379

directory traversal

bigace web cms 2.6

vulnerability

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.229 Low

EPSS

Percentile

96.6%

JSON

Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the cmd parameter.

Affected configurations

NVD

Node

bigacebigace_cmsMatch2.6

CPENameOperatorVersion
bigace:bigace_cmsbigace bigace cmseq2.6

CPE	Name	Operator	Version
bigace:bigace_cms	bigace bigace cms	eq	2.6

References

forum.bigace.de/announcements/security-patch-for-bigace-2-6

osvdb.org/55510

secunia.com/advisories/35643

securitytracker.com/id?1022489

www.bigace.de/Security-patch-for-BIGACE-2.6-released.html

www.exploit-db.com/exploits/9052

www.securityfocus.com/bid/35537

exchange.xforce.ibmcloud.com/vulnerabilities/51444

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.229 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2009-2379

nvd1 prion1 cvelist1