Lucene search

[email protected]CVE-2010-4399

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4399

2022-10-0316:21:06

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

4399

directory traversal

vulnerability

dynpg cms

remote attackers

nvd

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.143 Low

EPSS

Percentile

95.8%

JSON

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a … (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

dynpgdynpgMatch4.1.1

dynpgdynpgMatch4.2.0

CPENameOperatorVersion
dynpg:dynpgdynpgeq4.1.1
dynpg:dynpgdynpgeq4.2.0

CPE	Name	Operator	Version
dynpg:dynpg	dynpg	eq	4.1.1
dynpg:dynpg	dynpg	eq	4.2.0

References

osvdb.org/69539

packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt

secunia.com/advisories/42380

www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226

www.exploit-db.com/exploits/15646

www.htbridge.ch/advisory/lfi_in_dynpg.html

www.securityfocus.com/bid/45115

Social References

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.143 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2010-4399

prion1 nvd1 cvelist1 htbridge1