PT-2009-3957 · Malleo · Malleo
Published
2009-04-28
·
Updated
2018-10-10
·
CVE-2009-1456
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Malleo version 1.2.3
Description
A directory traversal issue exists in the admin.php file, allowing remote authenticated administrators to include and execute arbitrary local files by using a .. (dot dot) in the
module parameter.Recommendations
For Malleo version 1.2.3, consider restricting access to the admin.php file and the
module parameter to minimize the risk of exploitation until a patch is available.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Malleo