Directory Traversal Vulnerability in MyBackup by MyBackup Technologies
CVE-2009-4978

Currently unrated

Key Information:

Vendor

Tufat

Status
Mybackup
Vendor
CVE Published:
25 August 2010

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2009-4978?

A directory traversal vulnerability exists in the MyBackup 1.4.0 product, specifically within the down.php script. This flaw enables remote attackers to manipulate the filename parameter, using the '../' sequence to access and read arbitrary files on the server. Such unauthorized access can lead to exposure of sensitive data, raising significant security concerns for the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4978 - Proof of Concept

References

http://www.exploit-db.com/exploits/9365
exploitx_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/2165
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/36106
third-party-advisoryx_refsource_SECUNIA

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.