Bitweaver : Security Vulnerabilities, CVEs, Published In 2009 CVSS score >= 4

CVE-2009-1678

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.
Max CVSS
7.5
EPSS Score
0.79%
Published
2009-05-18
Updated
2017-09-29

CVE-2009-1677

Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
Max CVSS
6.5
EPSS Score
0.37%
Published
2009-05-18
Updated
2017-09-29
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close