CVE-2009-1462

The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
razorcmsrazorcms
𝑥
≤ 0.3
razorcmsrazorcms
0.2
razorcmsrazorcms
0.3:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=full-disclosure&m=123990481506680&w=2
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
http://www.securityfocus.com/bid/34566
https://exchange.xforce.ibmcloud.com/vulnerabilities/50358
http://marc.info/?l=full-disclosure&m=123990481506680&w=2
http://marc.info/?l=full-disclosure&m=123998062108561&w=2
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325
http://www.securityfocus.com/bid/34566
https://exchange.xforce.ibmcloud.com/vulnerabilities/50358