Published: 26/10/2009 Updated: 13/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sahana sahana 0.6.2.2

source: wwwsecurityfocuscom/bid/36826/info Sahana is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application This may aid in further a ...

CWE-22 http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/www/index.php?r1=1.83&r2=1.84 http://www.openwall.com/lists/oss-security/2009/10/22/6 http://www.openwall.com/lists/oss-security/2009/10/22/3 https://bugzilla.redhat.com/show_bug.cgi?id=530255 https://fedorahosted.org/rel-eng/ticket/2635 http://www.securityfocus.com/bid/36826 https://nvd.nist.gov https://www.exploit-db.com/exploits/33308/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3625

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect