CVE-2009-1462

Опубликовано: 28 апр. 2009

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.

Ссылки

http://marc.info/?l=full-disclosure&m=123990481506680&w=2
Exploit
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
Exploit
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/34566
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50358
http://marc.info/?l=full-disclosure&m=123990481506680&w=2
Exploit
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
Exploit
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/34566
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50358

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*

Версия до 0.3 (включая)

cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*

cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-466g-m7c7-p5x4

github

почти 4 года назад