Lucene search

[email protected]CVE-2009-4541

HistoryJan 04, 2010 - 5:30 p.m.

CVE-2009-4541

2010-01-0417:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

isolsoft support center 2.5

php

remote file inclusion

vulnerability

nvd

security

arbitrary code execution

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%

JSON

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via … (dot dot) sequences.

CPENameOperatorVersion
isolsoft:support_centerisolsoft support centereq2.5

CPE	Name	Operator	Version
isolsoft:support_center	isolsoft support center	eq	2.5

References

osvdb.org/56869

osvdb.org/56870

osvdb.org/56871

secunia.com/advisories/36208

www.exploit-db.com/exploits/9397

www.securityfocus.com/bid/35997

exchange.xforce.ibmcloud.com/vulnerabilities/52350

exchange.xforce.ibmcloud.com/vulnerabilities/52352

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2009-4541

prion1 cvelist1