Lucene search
MitreCVE-2009-4887HistoryJun 11, 2010 - 2:30 p.m.
CVE-2009-4887
2010-06-1114:30:16
CWE-94
mitre
web.nvd.nist.gov
19
cve-2009-4887
remote code execution
php
security vulnerability
cms s.builder
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.007
Percentile
80.5%
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be leveraged to include and execute arbitrary local files.
Affected configurations
Node
sbuildercms_s.builderRange≤3.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sbuilder | cms_s.builder | * | cpe:2.3:a:sbuilder:cms_s.builder:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-4887
2010-06-11 14:00:00
prion
prion
Remote file inclusion
2010-06-11 14:30:00
nvd
nvd
CVE-2009-4887
2010-06-11 14:30:16
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.007
Percentile
80.5%
Related for CVE-2009-4887