Lucene search

[email protected]CVE-2009-3716

HistoryOct 16, 2009 - 4:30 p.m.

CVE-2009-3716

2009-10-1616:30:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-3716

file upload vulnerability

remote code execution

mcshoutbox

security flaw

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.9%

JSON

Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.

Affected configurations

NVD

Node

maniacomputermcshoutboxMatch1.1

CPENameOperatorVersion
maniacomputer:mcshoutboxmaniacomputer mcshoutboxeq1.1

CPE	Name	Operator	Version
maniacomputer:mcshoutbox	maniacomputer mcshoutbox	eq	1.1

References

osvdb.org/56064

secunia.com/advisories/35885

www.exploit-db.com/exploits/9205

exchange.xforce.ibmcloud.com/vulnerabilities/51864

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2009-3716

prion1 cvelist1 nvd1