CVE-2009-4512

2009-12-3119:00:00

mitre

www.cve.org

AI Score

7.2

Confidence

High

EPSS

0.031

Percentile

91.1%

JSON

Directory traversal vulnerability in index.php in Oscailt 3.3, when Use Friendly URL’s is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the obj_id parameter.

References

packetstormsecurity.org/0910-exploits/oscailt33-lfi.txt

secunia.com/advisories/37180

securityreason.com/exploitalert/7422

www.vupen.com/english/advisories/2009/3096

exchange.xforce.ibmcloud.com/vulnerabilities/54023