CVE-2009-1226

core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
podcast_generatorpodcast_generator
𝑥
≤ 1.1
podcast_generatorpodcast_generator
0.6
podcast_generatorpodcast_generator
0.8
podcast_generatorpodcast_generator
0.9
podcast_generatorpodcast_generator
0.81
podcast_generatorpodcast_generator
0.91
podcast_generatorpodcast_generator
0.92
podcast_generatorpodcast_generator
0.93
podcast_generatorpodcast_generator
0.94
podcast_generatorpodcast_generator
0.95
podcast_generatorpodcast_generator
0.96
podcast_generatorpodcast_generator
0.96.2
podcast_generatorpodcast_generator
1.0
podcast_generatorpodcast_generator
1.0:beta_2
podcast_generatorpodcast_generator
1.0_beta:_beta
podcast_generatorpodcast_generator
1.0_beta2:_beta2
podcast_generatorpodcast_generator
1.0_beta3:_beta3
podcast_generatorpodcast_generator
1.0_beta4:_beta4
podcast_generatorpodcast_generator
1.0_beta4a:_beta4a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34555
http://www.securityfocus.com/bid/34317
https://www.exploit-db.com/exploits/8324
http://secunia.com/advisories/34555
http://www.securityfocus.com/bid/34317
https://www.exploit-db.com/exploits/8324