Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1846

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-1846
Last Modified 02 Jun 2009 12:00:00
Published 01 Jun 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1846

Summary

Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.

Vulnerable Systems

Application

  • Bjsintay Sitex 0.6.4 Beta

  • Bjsintay Sitex 0.7 Beta

  • Bjsintay Sitex 0.7.1 Beta

  • Bjsintay Sitex 0.7.2 Beta

  • Bjsintay Sitex 0.7.3

  • Bjsintay Sitex 0.7.3 Beta

  • Bjsintay Sitex 0.7.4

  • Bjsintay Sitex 0.7.4 Beta


References

BID - 35122

MILW0RM - 8816


Last Updated: 27 May 2016 10:50:42