Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2009-0286

Published: 27/01/2009 Updated: 29/09/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Opengoo

Vulnerability Summary

Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

opengoo opengoo 1.1

Exploits

Exploit DB: OpenGoo 1.1 - Local File Inclusion
OpenGoo 11 Local File Inclusion wwwopengooorg/ magic_quotes_gpc = Off register_globals = On site/opengoo/public/upgrade/indexphp POST: form_data[script_class]=////////////etc/passwd%00html Author Notified: Jan 18 nukeitorg # milw0rmcom [2009-01-25] ...

References

CWE-22http://www.securityfocus.com/bid/33421http://osvdb.org/51635https://www.exploit-db.com/exploits/7863https://nvd.nist.govhttps://www.exploit-db.com/exploits/7863/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook