CVE-2009-1278
Published 2009-04-09
Priority P3 · 46 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.31% (81.2th percentile)
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gravityboardx | gravity_board_x | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 · MEDIUM
GHSA
GHSA-pv87-7qqc-wcqm: Static code injection vulnerability in forms/ajax/configure
ghsa_unreviewed·2022-05-02
CVE-2009-1278 [HIGH] CWE-94 GHSA-pv87-7qqc-wcqm: Static code injection vulnerability in forms/ajax/configure
Red Hat
lftp mirror --script does not escape names and targets of symbolic links
vendor_redhat·2007-01-09·CVSS 6.8
CVE-2007-2348 [MEDIUM] lftp mirror --script does not escape names and targets of symbolic links
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Statement: This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3.
This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1278.html
The Red Hat Security Response Team has rated this issue as having low security impact; this issue will not be fixed in Red Hat Enterprise Linux 4.
Package: lftp (Red Hat Enterprise
No detection rules found.
No writeups or analysis indexed.