CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3151

Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://www.exploit-db.com/exploits/9307
https://exchange.xforce.ibmcloud.com/vulnerabilities/52166
http://www.exploit-db.com/exploits/9307
https://exchange.xforce.ibmcloud.com/vulnerabilities/52166

Products affected by CVE-2009-3151

Ultrize » Timesheet » Version: 1.2.2

cpe:2.3:a:ultrize:timesheet:1.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3151

Products

Pricing

Contact Us