PT-2009-4582 · Elvin · Elvin

Sirgod · Published 2009-06-19 · Updated 2017-09-29 · CVE-2009-2130

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Elvin version 1.2.0

Description
The issue allows remote attackers to read the PHP source code of certain files, including login.ei, jump bug.ei, and create account.ei, located in the inc/ directory, by making a direct request.

Recommendations
For Elvin version 1.2.0, consider restricting direct access to the inc/ directory to prevent reading of PHP source code. As a temporary workaround, restrict access to the vulnerable files login.ei, jump bug.ei, and create account.ei until a patch is available.
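
To scope the recommendation above on a deployed copy, the following added example (not part of this advisory or of Elvin) lists files under a web root that contain PHP code but carry an extension the interpreter does not handle, such as the .ei includes named here. It assumes only .php is mapped to the PHP interpreter; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are passed to the PHP interpreter by the
# web server; any other file under the web root is returned as plain text.
HANDLED_EXTS = {".php"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def find_exposed_includes(webroot, handled_exts=HANDLED_EXTS):
    """Return web-root-relative paths of files that contain PHP code but
    would be served as raw text because their extension is not handled."""
    exposed = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled_exts:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # an opening tag near the top is enough
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if PHP_OPEN_TAG.search(head):
                rel = os.path.relpath(path, webroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def demo():
    """Build a constructed tree (not Elvin's real files) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "inc"))
        samples = {
            "index.php": b"<?php include 'inc/login.ei'; ?>",
            "inc/login.ei": b"<?php $db_pass = 'constructed'; ?>",
            "inc/notes.txt": b"plain text, no code",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return find_exposed_includes(root)


if __name__ == "__main__":
    print(demo())
```

Each path reported is a candidate for the access restriction or for relocation outside the web root.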

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2009-2130

Affected Products: Elvin