CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-3760

HIGH
7.5
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile41.51th
Published2009年10月22日
Last Modified2026年4月23日

Vulnerability Description

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Citrix

Xencenterweb

All versions

References & Advisories

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
🔗 http://securitytracker.com/id?1022520
🔗 http://www.exploit-db.com/exploits/9106
🔗 http://www.securityfocus.com/archive/1/504764
🔗 http://www.securityfocus.com/bid/35592
🔗 http://www.vupen.com/english/advisories/2009/1814
🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
🔗 http://securitytracker.com/id?1022520

相关漏洞威胁

CVE-2009-37598.8

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb all...

CVE-2009-37587.5

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attacke...

CVE-2009-37574.3

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remo...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...