exploitDog

CVE-2009-1765

Опубликовано: 22 мая 2009

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.

Ссылки

http://secunia.com/advisories/35145
Vendor Advisory
http://www.securityfocus.com/bid/35007
Exploit
https://www.exploit-db.com/exploits/8715
http://secunia.com/advisories/35145
Vendor Advisory
http://www.securityfocus.com/bid/35007
Exploit
https://www.exploit-db.com/exploits/8715

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluck-cms:pluck:4.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.52013

Средний

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xgx3-9xwc-w89c

github

почти 4 года назад

Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.

EPSS

Процентиль: 98%

0.52013

Средний

6.8 Medium

CVSS2

Дефекты

CWE-22