CVE-2009-4957

Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.exploit-db.com/exploits/8346
http://www.securityfocus.com/bid/34362	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/49646
http://www.exploit-db.com/exploits/8346
http://www.securityfocus.com/bid/34362	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/49646

Configurations

Configuration 1 (hide)

cpe:2.3:a:interspire:activekb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:10

Type	Values Removed	Values Added
References	~~() http://www.exploit-db.com/exploits/8346 -~~	() http://www.exploit-db.com/exploits/8346 -
References	~~() http://www.securityfocus.com/bid/34362 - Exploit~~	() http://www.securityfocus.com/bid/34362 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/49646 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/49646 -

Information

Published : 2010-07-22 18:30

Updated : 2025-04-11 00:51

NVD link : CVE-2009-4957

Mitre link : CVE-2009-4957

CVE.ORG link : CVE-2009-4957

JSON object : View

Products Affected

interspire

activekb

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2009-4957", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-07-22T18:30:03.127", "references": [{"url": "http://www.exploit-db.com/exploits/8346", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34362", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/8346", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34362", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en loadpanel.php en Interspire ActiveKB permite a atacantes remotos leer ficheros de su elecci\u00f3n y probablemente tener otro impacto no especificado a trav\u00e9s de secuencias de salto de directorio en el par\u00e1metro \"Panel\"."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:interspire:activekb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "382F12F3-5FD3-4C14-8B42-D5582EAD51BE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10