exploitDog

CVE-2009-2109

Опубликовано: 18 июн. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.

Ссылки

http://osvdb.org/55166
Broken Link
http://osvdb.org/55196
Broken Link
http://secunia.com/advisories/35492
Vendor Advisory
https://www.exploit-db.com/exploits/8979
Third Party Advisory
VDB Entry
http://osvdb.org/55166
Broken Link
http://osvdb.org/55196
Broken Link
http://secunia.com/advisories/35492
Vendor Advisory
https://www.exploit-db.com/exploits/8979
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fretsweb_project:fretsweb:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04704

Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cvvg-v2x4-j3c2

github

почти 4 года назад

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.

EPSS

Процентиль: 89%

0.04704

Низкий

5 Medium

CVSS2

Дефекты

CWE-22