Lucene search

[email protected]CVE-2009-4739

HistoryMar 26, 2010 - 8:30 p.m.

CVE-2009-4739

2010-03-2620:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-4739

php

remote file inclusion

skadate dating

vulnerability

arbitrary code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.

Affected configurations

NVD

Node

skadateskadate_online_dating_software

CPENameOperatorVersion
skadate:skadate_online_dating_softwareskadate skadate online dating softwareeq*

CPE	Name	Operator	Version
skadate:skadate_online_dating_software	skadate skadate online dating software	eq	*

References

osvdb.org/56543

secunia.com/advisories/35997

www.exploit-db.com/exploits/9260

www.securityfocus.com/bid/35813

exchange.xforce.ibmcloud.com/vulnerabilities/52003

exchange.xforce.ibmcloud.com/vulnerabilities/57249

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2009-4739

prion1 nvd1 cvelist1