Lucene search

[email protected]CVE-2010-0967

HistoryMar 16, 2010 - 7:00 p.m.

CVE-2010-0967

2010-03-1619:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

vulnerabilities

geekhelps admp 1.01

remote attackers

arbitrary local files

magic_quotes_gpc

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

geekhelpsadmpMatch1.01

CPENameOperatorVersion
geekhelps:admpgeekhelps admpeq1.01

CPE	Name	Operator	Version
geekhelps:admp	geekhelps admp	eq	1.01

References

osvdb.org/62915

osvdb.org/62916

osvdb.org/62917

osvdb.org/62918

secunia.com/advisories/38949

www.exploit-db.com/exploits/11721

www.vupen.com/english/advisories/2010/0612

exchange.xforce.ibmcloud.com/vulnerabilities/56857

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2010-0967

prion1 nvd1 cvelist1