7.5
CVE-2009-4465
- EPSS 2.37%
- Published 30.12.2009 20:00:01
- Last modified 16.06.2026 23:13:43
- Source cve@mitre.org
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.37% | 0.816 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
http://www.exploit-db.com/exploits/10598
http://www.securityfocus.com/bid/37448
https://exchange.xforce.ibmcloud.com/vulnerabilities/54975
https://exchange.xforce.ibmcloud.com/vulnerabilities/54977
https://exchange.xforce.ibmcloud.com/vulnerabilities/54978