Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3830Improper Input Validation in Microsoft Sharepoint Server

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
64.2%
top 1.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Sharepoint Server
Timeline
PublishedOct 30
Latest updateMay 2

Description

The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-r5qq-f9fv-hh53: The download functionality in Team Services in Microsoft Office SharePoint Server 2007 122022-05-02
CVEList
CVE-2009-3830: The download functionality in Team Services in Microsoft Office SharePoint Server 2007 122009-10-30

💥Exploits & PoCs

1
Exploit-DB
SharePoint 2007 - Team Services Source Code Disclosure2009-10-26
CVE-2009-3830 — Improper Input Validation in Microsoft | cvebase