CVE-2009-1318

critical

Description

Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.

References

https://www.exploit-db.com/exploits/8423

https://exchange.xforce.ibmcloud.com/vulnerabilities/49869

http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470

Details

Source: Mitre, NVD

Published: 2009-04-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01269