Directory Traversal Vulnerability in webEdition by webEdition
CVE-2009-1222

Currently unrated

Key Information:

Vendor: Webedition
Status: Webedition
Vendor: CVE Published:; 2 April 2009

What is CVE-2009-1222?

A directory traversal vulnerability exists in the index.php file of webEdition versions 6.0.0.4 and earlier, which allows attackers to exploit this flaw when the register_globals setting is enabled and magic_quotes_gpc is disabled. By manipulating the WE_LANGUAGE parameter, remote attackers can potentially include and execute arbitrary files on the server, compromising system integrity and leading to unauthorized access to sensitive data.

References

http://www.securityfocus.com/bid/34323

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/8328

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/502315/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2009
Vulnerability Reserved
Apr 2, 2009

JSON

Webedition

What is CVE-2009-1222?

References

Timeline