Zurück zur CVE-Übersicht
CVE-2009-2177
MEDIUM(6.8)AV:N/AC:M/Au:N/C:P/I:P/A:P
Risk Signal Score18/100 — NIEDRIG
- CVSS 6.8 — Mittel
EPSS-Score
4%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.8
Technische Schwere
Beschreibung
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
Referenzen
- http://osvdb.org/55184
- http://secunia.com/advisories/35489
- http://www.securityfocus.com/bid/35418
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51206
- https://www.exploit-db.com/exploits/8978
- http://osvdb.org/55184
- http://secunia.com/advisories/35489
- http://www.securityfocus.com/bid/35418
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51206
- https://www.exploit-db.com/exploits/8978