Vulnerability Details CVE-2009-2443
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.081
EPSS Ranking 91.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://osvdb.org/55683
- http://secunia.com/advisories/35761
- http://www.packetstormsecurity.org/0907-exploits/siteframe-sqlphpinfo.txt
- http://www.securityfocus.com/bid/35598
- http://www.vupen.com/english/advisories/2009/1822
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51579
- http://osvdb.org/55683
- http://secunia.com/advisories/35761
- http://www.packetstormsecurity.org/0907-exploits/siteframe-sqlphpinfo.txt
- http://www.securityfocus.com/bid/35598
- http://www.vupen.com/english/advisories/2009/1822
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51579
Products affected by CVE-2009-2443
-
cpe:2.3:a:siteframe:siteframe_cms:3.2.1
-
cpe:2.3:a:siteframe:siteframe_cms:3.2.2
-
cpe:2.3:a:siteframe:siteframe_cms:3.2.3