7.5
CVE-2009-1226
- EPSS 2.35%
- Veröffentlicht 02.04.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Logincore/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Podcast Generator ≫ Podcast Generator Version <= 1.1
Podcast Generator ≫ Podcast Generator Version0.6
Podcast Generator ≫ Podcast Generator Version0.8
Podcast Generator ≫ Podcast Generator Version0.9
Podcast Generator ≫ Podcast Generator Version0.81
Podcast Generator ≫ Podcast Generator Version0.91
Podcast Generator ≫ Podcast Generator Version0.92
Podcast Generator ≫ Podcast Generator Version0.93
Podcast Generator ≫ Podcast Generator Version0.94
Podcast Generator ≫ Podcast Generator Version0.95
Podcast Generator ≫ Podcast Generator Version0.96
Podcast Generator ≫ Podcast Generator Version0.96.2
Podcast Generator ≫ Podcast Generator Version1.0
Podcast Generator ≫ Podcast Generator Version1.0 Updatebeta_2
Podcast Generator ≫ Podcast Generator Version1.0_beta
Podcast Generator ≫ Podcast Generator Version1.0_beta2
Podcast Generator ≫ Podcast Generator Version1.0_beta3
Podcast Generator ≫ Podcast Generator Version1.0_beta4
Podcast Generator ≫ Podcast Generator Version1.0_beta4a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.35% | 0.815 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/34555
http://www.securityfocus.com/bid/34317
https://www.exploit-db.com/exploits/8324