Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2444

Опубликовано: 13 июл. 2009
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adbnewssender:adbnewssender:*:*:*:*:*:*:*:*
Версия до 1.5.5 (включая)
cpe:2.3:a:adbnewssender:adbnewssender:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:adbnewssender:adbnewssender:2.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00897
Низкий

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-c794-94g7-5hfq

github
почти 4 года назад

Directory traversal vulnerability in maillinglist/setup/step1.php.inc in ADbNewsSender before 1.5.6, and 2.0 before RC2, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter to setup/index.php.

EPSS

Процентиль: 75%
0.00897
Низкий

7.5 High

CVSS2

Дефекты

CWE-22