Lucene search

PRIOn knowledge basePRION:CVE-2009-3702

HistoryDec 22, 2009 - 7:30 p.m.

Path traversal

2009-12-2219:30:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.0%

JSON

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

CPENameOperatorVersion
php-calendareq1.1

CPE	Name	Operator	Version
	php-calendar	eq	1.1

References

www.securityfocus.com/archive/1/508548/100/0/threaded

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.0%

JSON

Related for PRION:CVE-2009-3702