CVE-2009-2132

Опубликовано: 19 июн. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

Ссылки

http://bbs.wolvez.org/topic/56/
Exploit
http://secunia.com/advisories/35427
Vendor Advisory
http://www.4homepages.de/forum/index.php?topic=15186.0
http://bbs.wolvez.org/topic/56/
Exploit
http://secunia.com/advisories/35427
Vendor Advisory
http://www.4homepages.de/forum/index.php?topic=15186.0

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:4homepages:4images:*:*:*:*:*:*:*:*

Версия до 1.7.6 (включая)

cpe:2.3:a:4homepages:4images:1.0:rc-1:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.0:rc-2:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.5:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.6:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:4homepages:4images:1.7.5:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01296

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7p5m-cccg-gq8j

github

почти 4 года назад