Lucene search

MitreCVE-2009-4465

HistoryDec 30, 2009 - 8:00 p.m.

CVE-2009-4465

2009-12-3020:00:01

CWE-264

mitre

web.nvd.nist.gov

cve-2009-4465

deluxebb 1.3

sensitive information

access control

remote attackers

administrative access

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.

Affected configurations

Nvd

Node

deluxebbdeluxebbMatch1.3

VendorProductVersionCPE
deluxebbdeluxebb1.3cpe:2.3:a:deluxebb:deluxebb:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
deluxebb	deluxebb	1.3	cpe:2.3:a:deluxebb:deluxebb:1.3:::::::*

References

www.exploit-db.com/exploits/10598

www.securityfocus.com/bid/37448

exchange.xforce.ibmcloud.com/vulnerabilities/54975

exchange.xforce.ibmcloud.com/vulnerabilities/54977

exchange.xforce.ibmcloud.com/vulnerabilities/54978

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Related for CVE-2009-4465