CVE-2009-3425

2009-09-2522:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.0%

JSON

Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.

References

secunia.com/advisories/36105

www.exploit-db.com/exploits/9350

www.vupen.com/english/advisories/2009/2136