PT-2009-3769 · Unknown · Podcast Generator
Blackhawk · Published 2009-04-02 · Updated 2017-09-29 · CVE-2009-1226
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Podcast Generator versions 1.1 and earlier
Description
The issue allows remote attackers to delete arbitrary files due to improper access restriction to administrative functions. This can be achieved via the file parameter.
Recommendations
For Podcast Generator versions 1.1 and earlier, restrict access to the core/admin/delete.php file to prevent unauthorized deletion of files. As a temporary workaround, consider disabling the delete functionality in the administrative interface until a proper fix is applied.
Affected Products
Podcast Generator