PT-2009-2956 · Sir · Sir Gnuboard

Flyh4T · Published 2009-01-27 · Updated 2017-09-29 · CVE-2009-0290

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SIR GNUBoard version 4.31.03

Description

A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files by using a .. (dot dot) in the g4 path parameter. In certain environments, this could potentially be used for remote code execution via a data: URI or a UNC share pathname.

Recommendations

For SIR GNUBoard version 4.31.03, consider restricting access to the g4 path parameter to prevent directory traversal attacks until a patch is available. As a temporary workaround, avoid using the g4 path parameter with untrusted input.

Exploit · Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2009-0290

Affected Products

Sir Gnuboard