Vulnerability Description
Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Magtrb | Aja Portal | 1.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/51708
- http://osvdb.org/51709
- http://secunia.com/advisories/33735Vendor Advisory
- http://www.securityfocus.com/bid/33565Exploit
- https://www.exploit-db.com/exploits/7939
- http://osvdb.org/51708
- http://osvdb.org/51709
- http://secunia.com/advisories/33735Vendor Advisory
- http://www.securityfocus.com/bid/33565Exploit
- https://www.exploit-db.com/exploits/7939
FAQ
What is CVE-2009-0457?
CVE-2009-0457 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to adm...
How severe is CVE-2009-0457?
CVE-2009-0457 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0457?
Check the references section above for vendor advisories and patch information. Affected products include: Magtrb Aja Portal.