Lucene search

[email protected]NVD:CVE-2009-1739

HistoryMay 20, 2009 - 7:30 p.m.

CVE-2009-1739

2009-05-2019:30:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.043

Percentile

92.3%

JSON

PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.

Affected configurations

Nvd

Node

phpeasycodepad_site_scriptsMatch3.6

VendorProductVersionCPE
phpeasycodepad_site_scripts3.6cpe:2.3:a:phpeasycode:pad_site_scripts:3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpeasycode	pad_site_scripts	3.6	cpe:2.3:a:phpeasycode:pad_site_scripts:3.6:::::::*

References

osvdb.org/54593

secunia.com/advisories/35155

www.securityfocus.com/bid/35027

exchange.xforce.ibmcloud.com/vulnerabilities/50622

www.exploit-db.com/exploits/8735

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.043

Percentile

92.3%

JSON

Related for NVD:CVE-2009-1739

cve1 prion1 cvelist1 exploitdb1