← Back

CVE-2009-2166

nvd nist
Published: Jun 22, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.

Affected (11)

Ocsinventory Ng
1 product
Ocs Inventory Ng
Configuration A
11 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ocsinventory Ng
Ocs Inventory Ng
Up to 1.02
Ocs Inventory Ng
Version 1.01
Ocs Inventory Ng
Version 1.02 rc1
Ocs Inventory Ng
Version 1.02 rc2
Ocs Inventory Ng
Version 1.02 rc3
Ocs Inventory Ng
Version 1.0
Ocs Inventory Ng
Version 1.0 beta
Ocs Inventory Ng
Version 1.0 rc1
Ocs Inventory Ng
Version 1.0 rc2
Ocs Inventory Ng
Version 1.0 rc3-1
Ocs Inventory Ng
Version 1.0 rc3
Running on/withPlatform Versions
Unix
Unix
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.