CVE-2009-1677
Last modified
CVE-2009-1677 is a vulnerability of currently unknown severity. Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.. EPSS estimates a 2.13% chance of exploitation in the next 30 days.
Description
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bitweaver | Bitweaver | <= 2.6 |
| Bitweaver | Bitweaver | 1.1 |
| Bitweaver | Bitweaver | 1.1.1_beta |
| Bitweaver | Bitweaver | 1.2.1 |
| Bitweaver | Bitweaver | 1.3 |
| Bitweaver | Bitweaver | 1.3.1 |
| Bitweaver | Bitweaver | 2.0.0 |
| Bitweaver | Bitweaver | 2.0.2 |
| Bitweaver | Bitweaver | 2.5 |
References
- http://secunia.com/advisories/35057Vendor Advisory
- http://secunia.com/advisories/35057Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1677?
How severe is CVE-2009-1677?
How do I fix CVE-2009-1677?
Are you affected by CVE-2009-1677?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST