Lucene search

[email protected]NVD:CVE-2009-4465

HistoryDec 30, 2009 - 8:00 p.m.

CVE-2009-4465

2009-12-3020:00:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.

Affected configurations

Nvd

Node

deluxebbdeluxebbMatch1.3

VendorProductVersionCPE
deluxebbdeluxebb1.3cpe:2.3:a:deluxebb:deluxebb:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
deluxebb	deluxebb	1.3	cpe:2.3:a:deluxebb:deluxebb:1.3:::::::*

References

www.exploit-db.com/exploits/10598

www.securityfocus.com/bid/37448

exchange.xforce.ibmcloud.com/vulnerabilities/54975

exchange.xforce.ibmcloud.com/vulnerabilities/54977

exchange.xforce.ibmcloud.com/vulnerabilities/54978

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Related for NVD:CVE-2009-4465

cvelist1 prion1 cve1 seebug1 exploitdb1 openvas2