CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-2787

Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/56613
http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt
http://secunia.com/advisories/36020
http://www.exploit-db.com/exploits/9315
https://exchange.xforce.ibmcloud.com/vulnerabilities/52138
http://osvdb.org/56613
http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt
http://secunia.com/advisories/36020
http://www.exploit-db.com/exploits/9315
https://exchange.xforce.ibmcloud.com/vulnerabilities/52138

Products affected by CVE-2009-2787

Punbb » Punbb » Version: Any

cpe:2.3:a:punbb:punbb:*
Reputation » Reputation » Version: Any

cpe:2.3:a:reputation:reputation:*
Reputation » Reputation » Version: 2.0.4

cpe:2.3:a:reputation:reputation:2.0.4
Reputation » Reputation » Version: 2.2.3

cpe:2.3:a:reputation:reputation:2.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2787

Products

Pricing

Contact Us