CVE-2009-2115

admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/35478	Vendor Advisory
http://www.securityfocus.com/archive/1/504302/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/51164
http://secunia.com/advisories/35478	Vendor Advisory
http://www.securityfocus.com/archive/1/504302/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/51164

Configurations

Configuration 1 (hide)

cpe:2.3:a:skybluecanvas:skybluecanvas:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/35478 - Vendor Advisory~~	() http://secunia.com/advisories/35478 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/504302/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/504302/100/0/threaded -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/51164 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/51164 -

Information

Published : 2009-06-18 21:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-2115

Mitre link : CVE-2009-2115

CVE.ORG link : CVE-2009-2115

JSON object : View

Products Affected

skybluecanvas

skybluecanvas

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2009-2115", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-06-18T21:30:00.327", "references": [{"url": "http://secunia.com/advisories/35478", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504302/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51164", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35478", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/504302/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51164", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message."}, {"lang": "es", "value": "admin.php en SkyBlueCanvas v1.1 r237 permite a administradores remotos autenticados conseguir informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro id no v\u00e1lido, lo que revela el path de instalaci\u00f3n en un mensaje de error."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skybluecanvas:skybluecanvas:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3911B26-8926-4D53-ABFE-6BC2054C26C4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}