Lucene search

[email protected]CVE-2009-4421

HistoryDec 24, 2009 - 5:30 p.m.

CVE-2009-4421

2009-12-2417:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

4421

directory traversal

vulnerability

simple php blog

remote

authenticated

execute

arbitrary

local files

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a … (dot dot) in the blog_language1 parameter.

Affected configurations

NVD

Node

alexander_palmosimple_php_blogRange≤0.5.1

alexander_palmosimple_php_blogMatch0.3.7c

alexander_palmosimple_php_blogMatch0.4.0

alexander_palmosimple_php_blogMatch0.4.5

alexander_palmosimple_php_blogMatch0.4.6

alexander_palmosimple_php_blogMatch0.4.7

alexander_palmosimple_php_blogMatch0.4.7.1

alexander_palmosimple_php_blogMatch0.5.0.1

CPENameOperatorVersion
alexander_palmo:simple_php_blogalexander palmo simple php blogle0.5.1
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.3.7c
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.0
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.5
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.6
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.7
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.7.1
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.5.0.1

CPE	Name	Operator	Version
alexander_palmo:simple_php_blog	alexander palmo simple php blog	le	0.5.1
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.3.7c
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.0
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.5
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.6
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.7
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.7.1
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.5.0.1

References

archives.neohapsis.com/archives/fulldisclosure/2009-12/0398.html

www.securityfocus.com/archive/1/508546/100/0/threaded

www.securityfocus.com/bid/37434

exchange.xforce.ibmcloud.com/vulnerabilities/54970

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2009-4421

prion1 nvd1 cvelist1