Vulnerability CVE-2009-0729


Published: 2009-02-24   Modified: 2012-02-13

Description:
Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Lingx -> Page engine cms 

 References:
http://xforce.iss.net/xforce/xfdb/48856
http://www.securityfocus.com/bid/33860
http://secunia.com/advisories/33983
http://osvdb.org/52178
http://osvdb.org/52177
http://osvdb.org/52176
http://osvdb.org/52175

Copyright 2024, cxsecurity.com

 

Back to Top