CVE-2009-1226

Podcast Generator < 1.1 - Access Control

Title source: rule

Description

core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/8324

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://secunia.com/advisories/34555

[Exploit] http://www.securityfocus.com/bid/34317

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8324

Scores

EPSS 0.0408

EPSS Percentile 88.6%

Details

CWE

CWE-264

Status published

Products (18)

podcast_generator/podcast_generator 0.6

podcast_generator/podcast_generator 0.8

podcast_generator/podcast_generator 0.9

podcast_generator/podcast_generator 0.81

podcast_generator/podcast_generator 0.91

podcast_generator/podcast_generator 0.92

podcast_generator/podcast_generator 0.93

podcast_generator/podcast_generator 0.94

podcast_generator/podcast_generator 0.95

podcast_generator/podcast_generator 0.96

... and 8 more

Published Apr 02, 2009

Tracked Since Feb 18, 2026