CVE-2009-4091

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21390	Vendor Advisory
http://www.exploit-db.com/exploits/10180
http://www.securityfocus.com/bid/37063	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54355
http://secunia.com/advisories/21390	Vendor Advisory
http://www.exploit-db.com/exploits/10180
http://www.securityfocus.com/bid/37063	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/54355

Configurations

Configuration 1 (hide)

cpe:2.3:a:simplog:simplog:0.9.3.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/21390 - Vendor Advisory~~	() http://secunia.com/advisories/21390 - Vendor Advisory
References	~~() http://www.exploit-db.com/exploits/10180 -~~	() http://www.exploit-db.com/exploits/10180 -
References	~~() http://www.securityfocus.com/bid/37063 - Exploit~~	() http://www.securityfocus.com/bid/37063 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54355 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54355 -

Information

Published : 2009-11-29 13:07

Updated : 2024-11-21 01:08

NVD link : CVE-2009-4091

Mitre link : CVE-2009-4091

CVE.ORG link : CVE-2009-4091

JSON object : View

Products Affected

simplog

simplog

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-4091", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-11-29T13:07:34.920", "references": [{"url": "http://secunia.com/advisories/21390", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/10180", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/37063", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21390", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/10180", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/37063", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action."}, {"lang": "es", "value": "comments.php en Simlog v0.9.3.2, y posiblemente anteriores, no restringen el acceso de forma adecuada, lo que permite a atacantes remotos editar o eliminar comentarios a trav\u00e9s de acciones (1) edit o (2) del."}], "lastModified": "2024-11-21T01:08:54.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simplog:simplog:0.9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D314CECE-7B00-4223-A237-ABFFD8E4A28E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}