Lucene search
HistoryMay 18, 2009 - 6:30 p.m.
CVE-2009-1678
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.008
Percentile
81.6%
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a … (dot dot) in the version parameter to boards/boards_rss.php.
Affected configurations
Node
bitweaverbitweaverRange≤2.6
ORbitweaverbitweaverMatch1.1
ORbitweaverbitweaverMatch1.1.1_beta
ORbitweaverbitweaverMatch1.2.1
ORbitweaverbitweaverMatch1.3
ORbitweaverbitweaverMatch1.3.1
ORbitweaverbitweaverMatch2.0.0
ORbitweaverbitweaverMatch2.0.2
ORbitweaverbitweaverMatch2.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bitweaver | bitweaver | * | cpe:2.3:a:bitweaver:bitweaver:*:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 1.1 | cpe:2.3:a:bitweaver:bitweaver:1.1:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 1.1.1_beta | cpe:2.3:a:bitweaver:bitweaver:1.1.1_beta:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 1.2.1 | cpe:2.3:a:bitweaver:bitweaver:1.2.1:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 1.3 | cpe:2.3:a:bitweaver:bitweaver:1.3:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 1.3.1 | cpe:2.3:a:bitweaver:bitweaver:1.3.1:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 2.0.0 | cpe:2.3:a:bitweaver:bitweaver:2.0.0:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 2.0.2 | cpe:2.3:a:bitweaver:bitweaver:2.0.2:*:*:*:*:*:*:* |
| bitweaver | bitweaver | 2.5 | cpe:2.3:a:bitweaver:bitweaver:2.5:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2009-1678
2009-05-18 18:30:01
prion
prion
Directory traversal
2009-05-18 18:30:00
cvelist
cvelist
CVE-2009-1678
2009-05-18 18:00:00
openvas
openvas
Bitweaver Directory Traversal And Code Injection Vulnerabilities
2009-05-26 00:00:00
exploitdb
exploitdb
Bitweaver 2.6 - 'saveFeed()' Remote Code Execution
2009-05-12 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
High
EPSS
0.008
Percentile
81.6%
Related for NVD:CVE-2009-1678