JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:L/AC:M/Au:N/C:C/I:C/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Jbmc-software |
|
Configuration 1 [-]
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-05-05T20:00:00Z
Updated: 2024-09-16T20:17:02.921Z
Reserved: 2009-05-05T00:00:00Z
Link: CVE-2009-1526
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2009-05-05T20:30:00.297
Modified: 2010-03-29T04:00:00.000
Link: CVE-2009-1526
Redhat
No data.