Lucene search

[email protected]CVE-2009-3702

HistoryDec 22, 2009 - 7:30 p.m.

CVE-2009-3702

2009-12-2219:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-3702

path traversal

php-calendar

remote file inclusion

security vulnerability

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

CPENameOperatorVersion
php-calendar:php-calendarphp-calendareq1.1

CPE	Name	Operator	Version
php-calendar:php-calendar	php-calendar	eq	1.1

References

www.securityfocus.com/archive/1/508548/100/0/threaded

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2009-3702

seebug1 securityvulns2 packetstorm1 prion1 cvelist1 openvas1