CVE-2009-1774: Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via...

Description

Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.

Metrics

EPSS Probability

17.90%

96.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Strawberry	Strawberry	1.1.1

References

Timeline

Published: May 22, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-1774?

Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.

How severe is CVE-2009-1774?

Severity scoring for CVE-2009-1774 is pending analysis. The EPSS model estimates a 17.90% probability of exploitation in the next 30 days.

How do I fix CVE-2009-1774?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.