exploitDog

CVE-2009-3216

Опубликовано: 16 сент. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.

Ссылки

http://secunia.com/advisories/36015
Vendor Advisory
http://www.exploit-db.com/exploits/9266
http://secunia.com/advisories/36015
Vendor Advisory
http://www.exploit-db.com/exploits/9266

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wiccle:iwiccle:1.01:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.0139

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-wrwm-4qrx-hh9h

github

почти 4 года назад

Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.

EPSS

Процентиль: 80%

0.0139

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-22