Lucene search

[email protected]CVE-2009-2449

HistoryJul 13, 2009 - 5:30 p.m.

CVE-2009-2449

2009-07-1317:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

2449

directory traversal

vulnerability

adbnewssender

mailing list

admin

change config

php

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.1%

JSON

Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the path_to_lang parameter.

Affected configurations

NVD

Node

adbnewssenderadbnewssenderRange≤1.5.5

adbnewssenderadbnewssenderMatch1.0

adbnewssenderadbnewssenderMatch1.1

adbnewssenderadbnewssenderMatch1.1.1

adbnewssenderadbnewssenderMatch1.1.2

adbnewssenderadbnewssenderMatch1.2.0

adbnewssenderadbnewssenderMatch1.2.1

adbnewssenderadbnewssenderMatch1.2.2

adbnewssenderadbnewssenderMatch1.2.3

adbnewssenderadbnewssenderMatch1.2.4

adbnewssenderadbnewssenderMatch1.3.0

adbnewssenderadbnewssenderMatch1.3.1

adbnewssenderadbnewssenderMatch1.3.2

adbnewssenderadbnewssenderMatch1.3.3

adbnewssenderadbnewssenderMatch1.4.0

adbnewssenderadbnewssenderMatch1.4.1

adbnewssenderadbnewssenderMatch1.4.2

adbnewssenderadbnewssenderMatch1.4.3

adbnewssenderadbnewssenderMatch1.4.4

adbnewssenderadbnewssenderMatch1.4.5

adbnewssenderadbnewssenderMatch1.4.6

adbnewssenderadbnewssenderMatch1.4.7

adbnewssenderadbnewssenderMatch1.4.8

adbnewssenderadbnewssenderMatch1.4.9

adbnewssenderadbnewssenderMatch1.4.10

adbnewssenderadbnewssenderMatch1.4.11

adbnewssenderadbnewssenderMatch1.5.0

adbnewssenderadbnewssenderMatch1.5.1

adbnewssenderadbnewssenderMatch1.5.2

CPENameOperatorVersion
adbnewssender:adbnewssenderadbnewssenderle1.5.5
adbnewssender:adbnewssenderadbnewssendereq1.0
adbnewssender:adbnewssenderadbnewssendereq1.1
adbnewssender:adbnewssenderadbnewssendereq1.1.1
adbnewssender:adbnewssenderadbnewssendereq1.1.2
adbnewssender:adbnewssenderadbnewssendereq1.2.0
adbnewssender:adbnewssenderadbnewssendereq1.2.1
adbnewssender:adbnewssenderadbnewssendereq1.2.2
adbnewssender:adbnewssenderadbnewssendereq1.2.3
adbnewssender:adbnewssenderadbnewssendereq1.2.4

CPE	Name	Operator	Version
adbnewssender:adbnewssender	adbnewssender	le	1.5.5
adbnewssender:adbnewssender	adbnewssender	eq	1.0
adbnewssender:adbnewssender	adbnewssender	eq	1.1
adbnewssender:adbnewssender	adbnewssender	eq	1.1.1
adbnewssender:adbnewssender	adbnewssender	eq	1.1.2
adbnewssender:adbnewssender	adbnewssender	eq	1.2.0
adbnewssender:adbnewssender	adbnewssender	eq	1.2.1
adbnewssender:adbnewssender	adbnewssender	eq	1.2.2
adbnewssender:adbnewssender	adbnewssender	eq	1.2.3
adbnewssender:adbnewssender	adbnewssender	eq	1.2.4

Rows per page:

1-10 of 291

References

secunia.com/advisories/35845

sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22

sourceforge.net/project/shownotes.php?release_id=694644

www.securityfocus.com/bid/35596

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2009-2449

prion1 cvelist1 nvd1