CVE-2009-4435
published 2009-12-28CVE-2009-4435: Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal…
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.01%
78.5th percentile
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| compmaster.prv.pl | f3site | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
F3Site 2009 - '/mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion
exploitdb·2009-12-18
CVE-2009-4435 F3Site 2009 - '/mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion
F3Site 2009 - '/mod/poll.php?GLOBALS[nlang]' Traversal Local File Inclusion
---
source: https://www.securityfocus.com/bid/37408/info
F3Site is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
F3Site 2009 is vulnerable; other versions may also be affected.
http://www.example.com/mod/poll.php?GLOBALS[nlang]=[LFI%00]
Exploit-DB
F3Site 2009 - '/mod/new.php?GLOBALS[nlang]' Traversal Local File Inclusion
exploitdb·2009-12-18
CVE-2009-4435 F3Site 2009 - '/mod/new.php?GLOBALS[nlang]' Traversal Local File Inclusion
F3Site 2009 - '/mod/new.php?GLOBALS[nlang]' Traversal Local File Inclusion
---
source: https://www.securityfocus.com/bid/37408/info
F3Site is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
F3Site 2009 is vulnerable; other versions may also be affected.
http://www.example.com/mod/new.php?GLOBALS[nlang]=[LFI%00]
No writeups or analysis indexed.
http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txthttp://www.exploit-db.com/exploits/10536http://www.securityfocus.com/bid/37408https://exchange.xforce.ibmcloud.com/vulnerabilities/54908http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txthttp://www.exploit-db.com/exploits/10536http://www.securityfocus.com/bid/37408https://exchange.xforce.ibmcloud.com/vulnerabilities/54908
2009-12-28
Published