CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-2333

Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.4%

CVSS Severity

CVSS v2 Score 7.5

References

http://osvdb.org/55666
http://osvdb.org/55667
http://osvdb.org/55668
http://osvdb.org/55669
http://www.exploit-db.com/exploits/9069
http://osvdb.org/55666
http://osvdb.org/55667
http://osvdb.org/55668
http://osvdb.org/55669
http://www.exploit-db.com/exploits/9069

Products affected by CVE-2009-2333

Cms.tut.su » Cms Chainuk » Version: Any

cpe:2.3:a:cms.tut.su:cms_chainuk:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2333

Products

Pricing

Contact Us