Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2009-4024
HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-4024

2009-11-2913:07:35
CWE-94
redhat
web.nvd.nist.gov
43
cve-2009-4024
argument injection
ping.php
net_ping
pear
remote attackers
shell commands

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.

Affected configurations

Nvd
Node
pearpearRange2.4.4
OR
pearpearMatch0.1
OR
pearpearMatch1.0
OR
pearpearMatch1.0.1
OR
pearpearMatch2.1
OR
pearpearMatch2.2
OR
pearpearMatch2.3
OR
pearpearMatch2.4
OR
pearpearMatch2.4.1
OR
pearpearMatch2.4.2
OR
pearpearMatch2.4.3
VendorProductVersionCPE
pearpear*cpe:2.3:a:pear:pear:*:*:*:*:*:*:*:*
pearpear0.1cpe:2.3:a:pear:pear:0.1:*:*:*:*:*:*:*
pearpear1.0cpe:2.3:a:pear:pear:1.0:*:*:*:*:*:*:*
pearpear1.0.1cpe:2.3:a:pear:pear:1.0.1:*:*:*:*:*:*:*
pearpear2.1cpe:2.3:a:pear:pear:2.1:*:*:*:*:*:*:*
pearpear2.2cpe:2.3:a:pear:pear:2.2:*:*:*:*:*:*:*
pearpear2.3cpe:2.3:a:pear:pear:2.3:*:*:*:*:*:*:*
pearpear2.4cpe:2.3:a:pear:pear:2.4:*:*:*:*:*:*:*
pearpear2.4.1cpe:2.3:a:pear:pear:2.4.1:*:*:*:*:*:*:*
pearpear2.4.2cpe:2.3:a:pear:pear:2.4.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

fedora 3
nvd 1
osv 1
nessus 5
cvelist 1
ubuntucve 1
openvas 4
prion 1
debian 1
freebsd 1
fedora
fedora
[SECURITY] Fedora 12 Update: php-pear-Net-Ping-2.4.5-1.fc12
2009-11-25 15:08:58
[SECURITY] Fedora 10 Update: php-pear-Net-Ping-2.4.5-1.fc10
2009-11-25 15:28:19
[SECURITY] Fedora 11 Update: php-pear-Net-Ping-2.4.5-1.fc11
2009-11-25 15:33:37
nvd
nvd
CVE-2009-4024
2009-11-29 13:07:35
osv
osv
php-net-ping - arbitrary code execution
2009-12-12 00:00:00
nessus
nessus
Fedora 11 : php-pear-Net-Ping-2.4.5-1.fc11 (2009-11613)
2009-11-30 00:00:00
Fedora 12 : php-pear-Net-Ping-2.4.5-1.fc12 (2009-11523)
2009-11-30 00:00:00
Debian DSA-1949-1 : php-net-ping - programming error
2010-02-24 00:00:00
cvelist
cvelist
CVE-2009-4024
2009-11-28 17:00:00
ubuntucve
ubuntucve
CVE-2009-4024
2009-11-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 1949-1 (php-net-ping)
2009-12-14 00:00:00
Debian: Security Advisory (DSA-1949-1)
2009-12-14 00:00:00
FreeBSD Ports: pear-Net_Ping
2010-01-07 00:00:00
prion
prion
Design/Logic Flaw
2009-11-29 13:07:00
debian
debian
[SECURITY] [DSA 1949-1] New php-net-ping packages fix arbitrary code execution
2009-12-12 08:52:41
freebsd
freebsd
PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
2009-11-14 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON
Related for CVE-2009-4024
fedora3nvd1osv1nessus5cvelist1ubuntucve1openvas4prion1debian1freebsd1