CVE-2009-0729

high

Description

Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48856

http://www.securityfocus.com/bid/33860

http://secunia.com/advisories/33983

http://osvdb.org/52178

http://osvdb.org/52177

http://osvdb.org/52176

http://osvdb.org/52175

Details

Source: Mitre, NVD

Published: 2009-02-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00288