PT-2009-3765 · Webedition · Webedition

Drosophila

Publicado

2009-04-02

Atualizado

2018-10-10

CVE-2009-1222

CVSS v2.0

5.1

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions webEdition versions 6.0.0.4 and earlier

Description A directory traversal issue exists when register globals is enabled and magic quotes gpc is disabled, allowing remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE LANGUAGE parameter.

Recommendations For webEdition versions 6.0.0.4 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the index.php file to minimize the risk of arbitrary file inclusion.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2009-1222

Produtos afetados

Webedition

PT-2009-3765 · Webedition · Webedition

CVE-2009-1222

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6