CVE-2009-0457

HIGH Year: 2009
CVSS v2 Score
7.5
High
Weakness Type
CWE-22
View all →

Vulnerability Description

Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module.

Related Vulnerabilities

CVE-2017-12815

CRITICAL
CVSS:10.0(Critical)

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar ...

CWE-222017

CVE-2019-18253

CRITICAL
CVSS:10.0(Critical)

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the...

CWE-222019

CVE-2020-29495

CRITICAL
CVSS:10.0(Critical)

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le...

CWE-222020

CVE-2022-1992

CRITICAL
CVSS:10.0(Critical)

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

CWE-222022

CVE-2023-2909

CRITICAL
CVSS:10.0(Critical)

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2...

CWE-222023

CVE-2023-6015

CRITICAL
CVSS:10.0(Critical)

MLflow allowed arbitrary files to be PUT onto the server.

CWE-222023