Lucene search

[email protected]CVE-2009-2784

HistoryAug 17, 2009 - 4:30 p.m.

CVE-2009-2784

2009-08-1716:30:01

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

2784

directory traversal

dit.cms

remote attackers

php

file inclusion

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a … (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.

Affected configurations

NVD

Node

ditcmsdit.cmsMatch1.3

CPENameOperatorVersion
ditcms:dit.cmsditcms dit.cmseq1.3

CPE	Name	Operator	Version
ditcms:dit.cms	ditcms dit.cms	eq	1.3

References

secunia.com/advisories/36076

www.exploit-db.com/exploits/9310

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2009-2784

cvelist1 nvd1 prion1