CVE-2009-2931
SlideShowPro Director 1.1-1.3.8 - Path Traversal via p.php a Parameter
Title source: llmDescription
Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/56825
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36197
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505534/100/0/threaded
Vendor Advisory x_refsource_confirm
http://slideshowpro.net/news/archive/2009/07/director-139-fi.php
Various Sources x_refsource_misc
http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf
Scores
EPSS
0.0187
EPSS Percentile
76.8%
Details
CWE
CWE-22
Status
published
Products (4)
slideshowpro/director
1.1
slideshowpro/director
1.2
slideshowpro/director
1.3
slideshowpro/director
1.3.8
Published
Aug 21, 2009
Tracked Since
Feb 18, 2026