Lucene search
MitreCVELIST:CVE-2009-1936HistoryJun 05, 2009 - 6:13 p.m.
CVE-2009-1936
2009-06-0518:13:00
mitre
www.cve.org
3
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
Related
cve
cve
CVE-2009-1936
2009-06-05 18:30:00
CVE-2003-1500
2007-10-25 19:00:00
prion
prion
Directory traversal
2009-06-05 18:30:00
nvd
nvd
CVE-2009-1936
2009-06-05 18:30:00
CVE-2003-1500
2003-12-31 05:00:00
cvelist
cvelist
CVE-2003-1500
2007-10-25 19:00:00
exploitdb
exploitdb
CPCommerce 1.2.x - 'GLOBALS[prefix]' Arbitrary File Inclusion
2009-05-26 00:00:00
canvas
canvas
Immunity Canvas: CPCOMMERCE_RFI
2009-06-05 18:30:00