CVE-2009-2353

EUVD-2009-2349
encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
eacceleratoreaccelerator
0.9.4
eacceleratoreaccelerator
0.9.5
eacceleratoreaccelerator
0.9.5:beta1
eacceleratoreaccelerator
0.9.5:beta2
eacceleratoreaccelerator
0.9.5:rc1
eacceleratoreaccelerator
0.9.5.1
eacceleratoreaccelerator
0.9.5.2
eacceleratoreaccelerator
0.9.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.mandriva.com/security/advisories?name=MDVSA-2009:188
http://www.securityfocus.com/archive/1/504695/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2009:188
http://www.securityfocus.com/archive/1/504695/100/0/threaded