Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-2007

Published: 08/06/2009 Updated: 17/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Dokeos

Vulnerability Summary

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote malicious users to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.

Vulnerable Product Search on Vulmon Subscribe to Product

dokeos dokeos 1.8.5

References

CWE-22http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.htmlhttp://www.vupen.com/english/advisories/2009/1300http://www.securityfocus.com/bid/34928http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8http://secunia.com/advisories/34879https://exchange.xforce.ibmcloud.com/vulnerabilities/50503https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook