CVE-2009-1222
NONE EPSS 78.6%
Published Apr 2, 200917y ago · Modified Jun 16, 20262w ago
Published Apr 2, 2009 17y ago
Last Modified Jun 16, 2026 2w ago
Description
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
Threat Intelligence
EPSS Exploit Probability
78.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| webedition | webedition | 6.0.0.4 | any |
References 5
- secunia.com http://secunia.com/advisories/34518
- securityfocus.com http://www.securityfocus.com/archive/1/502315/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/34323
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/49530
- exploit-db.com https://www.exploit-db.com/exploits/8328
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.