exploitDog

CVE-2009-5068

Опубликовано: 15 янв. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 3.5

EPSS Низкий

Описание

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

Ссылки

http://www.openwall.com/lists/oss-security/2013/02/01/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/02/01/4
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplemachines:simple_machines_forum:*:*:*:*:*:*:*:*

Версия до 2.0.3 (включая)

EPSS

Процентиль: 87%

0.03271

Низкий

7.2 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-hw49-57p9-2mh2

CVSS3: 7.2

github

почти 4 года назад

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

EPSS

Процентиль: 87%

0.03271

Низкий

7.2 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-312