Lucene search

[email protected]CVE-2010-1062

HistoryMar 23, 2010 - 5:30 p.m.

CVE-2010-1062

2010-03-2317:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-1062

directory traversal

code injection

phpkobo free real estate contact form

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

phpkobofree_real_estate_contact_form_scriptMatch1.09

CPENameOperatorVersion
phpkobo:free_real_estate_contact_form_scriptphpkobo free real estate contact form scripteq1.09

CPE	Name	Operator	Version
phpkobo:free_real_estate_contact_form_script	phpkobo free real estate contact form script	eq	1.09

References

packetstormsecurity.org/1003-exploits/frecf-lfi.txt

secunia.com/advisories/38967

www.exploit-db.com/exploits/11773

www.securityfocus.com/bid/38731

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2010-1062

prion1 cvelist1 nvd1