Vulnerability Details: CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Products affected by CVE-2009-1526
- cpe:2.3:a:jbmc-software:directadmin:*:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.301:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.266:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.292:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.302:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.111:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.161:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.181:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.201:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.202:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.211:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.212:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.225:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.226:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.241:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.242:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.254:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.255:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.273:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.291:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.294:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.312:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.313:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.332:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.293:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.281:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.081:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.172:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.173:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.193:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.1941:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.205:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.206:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.221:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.222:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.232:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.233:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.251:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.262:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.263:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.28:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.282:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.285:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.297:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.321:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.151:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.152:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.174:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.1741:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.195:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.196:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.207:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.223:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.224:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.234:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.235:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.252:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.253:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.264:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.265:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.286:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.311:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.322:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.323:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.331:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.121:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.171:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.192:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.203:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.204:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.213:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.231:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.243:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.244:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.261:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.274:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.275:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.295:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.296:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.314:*:*:*:*:*:*:*
- cpe:2.3:a:jbmc-software:directadmin:1.315:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1526
0.04%
Probability of exploitation activity in the next 30 days
~ %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1526
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2009-1526
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)