Lucene search

MitreCVE-2010-4399

HistoryDec 06, 2010 - 1:37 p.m.

CVE-2010-4399

2010-12-0613:37:31

CWE-22

mitre

web.nvd.nist.gov

cve

2010

4399

directory traversal

vulnerability

dynpg cms

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.038

Percentile

92.0%

JSON

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a … (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

dynpgdynpgMatch4.1.1

dynpgdynpgMatch4.2.0

VendorProductVersionCPE
dynpgdynpg4.1.1cpe:2.3:a:dynpg:dynpg:4.1.1:*:*:*:*:*:*:*
dynpgdynpg4.2.0cpe:2.3:a:dynpg:dynpg:4.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dynpg	dynpg	4.1.1	cpe:2.3:a:dynpg:dynpg:4.1.1:::::::*
dynpg	dynpg	4.2.0	cpe:2.3:a:dynpg:dynpg:4.2.0:::::::*

References

osvdb.org/69539

packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt

secunia.com/advisories/42380

www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226

www.exploit-db.com/exploits/15646

www.htbridge.ch/advisory/lfi_in_dynpg.html

www.securityfocus.com/bid/45115

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.038

Percentile

92.0%

JSON

Related for CVE-2010-4399