Description
Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php, (4) Streamline/homepage.php, and (5) Structure/homepage.php in themes/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ahmadbady · text · webapps · php
https://www.exploit-db.com/exploits/8816
References (2)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35122
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8816
Scores
EPSS
0.0204
EPSS Percentile
83.9%
Details
CWE
CWE-22
Status
published
Products (8)
bjsintay/sitex 0.6.4_beta
bjsintay/sitex 0.7.1_beta
bjsintay/sitex 0.7.2_beta
bjsintay/sitex 0.7.3
bjsintay/sitex 0.7.3_beta
bjsintay/sitex 0.7.4_beta
bjsintay/sitex 0.7_beta
bjsintay/sitex < 0.7.4
Published
Jun 01, 2009
Tracked Since
Feb 18, 2026