CVE-2009-2166
Published 2009-06-22
CVE-2009-2166: Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname…
Priority P4, 31, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.19% (86.5th percentile)
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocsinventory-server | < ocsinventory-server 1.02.1-1 (bookworm) | ocsinventory-server 1.02.1-1 (bookworm) |
| ocsinventory-ng | ocs_inventory_ng | <= 1.02 | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
CVSS provenance
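| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |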
Debian
CVE-2009-2166: ocsinventory-server - Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02...
vendor_debian·2009·CVSS 5.0
CVE-2009-2166 [MEDIUM] CVE-2009-2166: ocsinventory-server - Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02...
Scope: local
bookworm: resolved (fixed in 1.02.1-1)
bullseye: resolved (fixed in 1.02.1-1)
sid: resolved (fixed in 1.02.1-1)
GHSA
GHSA-6wjf-4944-xw92: Absolute path traversal vulnerability in cvs
ghsa_unreviewed·2022-05-02
CVE-2009-2166 [MEDIUM] CWE-22 GHSA-6wjf-4944-xw92: Absolute path traversal vulnerability in cvs
OSV
CVE-2009-2166: Absolute path traversal vulnerability in cvs
osv·2009-06-22·CVSS 5.0
CVE-2009-2166 [MEDIUM] CVE-2009-2166: Absolute path traversal vulnerability in cvs
References
http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml
http://www.securityfocus.com/archive/1/504047/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50946
https://www.exploit-db.com/exploits/8868
Published: 2009-06-22