Vulnerability Description
The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Razorcms | Razorcms | <= 0.3 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=123990481506680&w=2Exploit
- http://marc.info/?l=full-disclosure&m=123998062108561&w=2Exploit
- http://razorcms.co.uk/support/viewtopic.php?f=13&t=325ExploitVendor Advisory
- http://www.securityfocus.com/bid/34566Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50358
- http://marc.info/?l=full-disclosure&m=123990481506680&w=2Exploit
- http://marc.info/?l=full-disclosure&m=123998062108561&w=2Exploit
- http://razorcms.co.uk/support/viewtopic.php?f=13&t=325ExploitVendor Advisory
- http://www.securityfocus.com/bid/34566Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50358
FAQ
What is CVE-2009-1462?
CVE-2009-1462 is a vulnerability with a CVSS score of 7.2 (HIGH). The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have ...
How severe is CVE-2009-1462?
CVE-2009-1462 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1462?
Check the references section above for vendor advisories and patch information. Affected products include: Razorcms Razorcms.