CVE-2009-1678

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.

Published: May 18, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1678
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
bitweaver / bitweaver	2.5	2.5.x
bitweaver / bitweaver	1.3	1.3.x
bitweaver / bitweaver	2.0.2	2.0.2.x
bitweaver / bitweaver	2.0.0	2.0.0.x
bitweaver / bitweaver	1.2.1	1.2.1.x
bitweaver / bitweaver	1.1	1.1.x
bitweaver / bitweaver	1.3.1	1.3.1.x
bitweaver / bitweaver	1.1.1_beta	1.1.1_beta.x
bitweaver / bitweaver	-	2.6.x

http://secunia.com/advisories/35057
http://www.securityfocus.com/archive/1/503435
http://www.securityfocus.com/bid/34910
https://www.exploit-db.com/exploits/8659

Vulnerability Database

291,049

CVE-2009-1678