CVE-2009-4434

IDevSpot iSupport <1.8 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stink & Essandre · textwebappsphp

https://www.exploit-db.com/exploits/10478

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0912-exploits/isupport-lfixss.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/61110

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10478

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37726

Scores

EPSS 0.0347

EPSS Percentile 87.6%

Details

CWE

CWE-22

Status published

Products (3)

idevspot/isupport 1.02

idevspot/isupport 1.06

idevspot/isupport < 1.8

Published Dec 28, 2009

Tracked Since Feb 18, 2026