Lucene search
MitreCVE-2009-2641HistoryJul 28, 2009 - 7:30 p.m.
CVE-2009-2641
2009-07-2819:30:00
CWE-94
mitre
web.nvd.nist.gov
27
cve
2009
2641
php
remote file inclusion
vulnerability
school data navigator
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.011
Percentile
84.3%
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via … (dot dot) sequences.
Affected configurations
Node
rich_whiteschool_data_nav
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rich_white | school_data_nav | * | cpe:2.3:a:rich_white:school_data_nav:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Remote file inclusion
2009-07-28 19:30:00
exploitdb
exploitdb
School Data Navigator - 'page' Local/Remote File Inclusion
2009-06-10 00:00:00
nvd
nvd
CVE-2009-2641
2009-07-28 19:30:00
cvelist
cvelist
CVE-2009-2641
2009-07-28 19:06:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.6
Confidence
Low
EPSS
0.011
Percentile
84.3%
Related for CVE-2009-2641