CVEブラウザに戻る

CVE-2009-1314

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0490%

EPSS Percentile23.05th

Published2009年4月17日

Last Modified2026年4月23日

Vulnerability Description

body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.

Affected Platforms (CPE)

📦

Webfileexplorer

Web File Explorer

= 3.1

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/50389

🔗 https://www.exploit-db.com/exploits/8382

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/50389

🔗 https://www.exploit-db.com/exploits/8382

関連する脆弱性情報

CVE-1999-034710.0

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javasc...

CVE-2009-25009.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Micros...

CVE-2008-44999.3

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute a...

CVE-2009-25019.3

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2...