CVE-2009-2931

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-2931
Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.osvdb.org/56825
http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf
http://secunia.com/advisories/36197 Vendor Advisory
http://slideshowpro.net/news/archive/2009/07/director-139-fi.php Vendor Advisory
http://www.securityfocus.com/archive/1/505534/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:slideshowpro:director:1.2:*:*:*:*:*:*:*
cpe:2.3:a:slideshowpro:director:1.3:*:*:*:*:*:*:*
cpe:2.3:a:slideshowpro:director:1.1:*:*:*:*:*:*:*
cpe:2.3:a:slideshowpro:director:1.3.8:*:*:*:*:*:*:*
Information

Published : 2009-08-21 13:30

Updated : 2018-10-10 12:42

NVD link : CVE-2009-2931

Mitre link : CVE-2009-2931

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

slideshowpro

  • director