CVE-2009-0514

{"id": "CVE-2009-0514", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-02-11T00:30:02.953", "references": [{"url": "http://www.securityfocus.com/bid/33701", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8025", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33701", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/8025", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en WebFrame v0.76 permite a atacantes remotos incluir y ejecutar ficheros locales a trav\u00e9s de secuencias de salto de directorio en los parametros (1) \"currentmod\" y (2) \"LANG\" en mod/index.php."}], "lastModified": "2024-11-21T01:00:06.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webframe:webframe:0.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5C39BEE-3BAF-44EB-BE3A-679CAAD8A461"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}