Vulnerability Description
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitmixsoft | Php-Lance | 1.52 |
Related Weaknesses (CWE)
References
- http://osvdb.org/57246Exploit
- http://osvdb.org/57247Exploit
- http://www.exploit-db.com/exploits/9444
- http://osvdb.org/57246Exploit
- http://osvdb.org/57247Exploit
- http://www.exploit-db.com/exploits/9444
FAQ
What is CVE-2009-2923?
CVE-2009-2923 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in paramet...
How severe is CVE-2009-2923?
CVE-2009-2923 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2923?
Check the references section above for vendor advisories and patch information. Affected products include: Bitmixsoft Php-Lance.