CVE-2009-2143 (GCVE-0-2009-2143)

Vulnerability from cvelistv5 – Published: 2009-06-22 14:00 – Updated: 2024-08-07 05:36
VLAI?
Summary
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://firestats.cc/wiki/ChangeLog#a1.6.2-stable1… x_refsource_CONFIRM
http://secunia.com/advisories/35400 third-party-advisoryx_refsource_SECUNIA
https://www.exploit-db.com/exploits/8945 exploitx_refsource_EXPLOIT-DB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:36:21.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009"
          },
          {
            "name": "35400",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35400"
          },
          {
            "name": "8945",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8945"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009"
        },
        {
          "name": "35400",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35400"
        },
        {
          "name": "8945",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8945"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009",
              "refsource": "CONFIRM",
              "url": "http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009"
            },
            {
              "name": "35400",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35400"
            },
            {
              "name": "8945",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8945"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2143",
    "datePublished": "2009-06-22T14:00:00",
    "dateReserved": "2009-06-22T00:00:00",
    "dateUpdated": "2024-08-07T05:36:21.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"847DA578-4655-477E-8A6F-99FBE738E4F9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:*:stable:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.1\", \"matchCriteriaId\": \"3864C442-3C86-4849-B578-82BF3B0EAF25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.0-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDE6D957-B6BC-48BB-8271-A8BE8CE7A16F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.1-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11F9730D-2D80-4980-BCDA-7D9C8A60C4C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.2-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8B30AC1-BED9-4AF2-8577-EE0ACCF6A381\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.3-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC277E53-0EA6-4724-B37B-8CD5AA906198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.4-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6E2D9C9-7BFB-45F0-8392-32610DB22EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.5-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7666EAE-155A-46CA-B680-C11A625CA554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.6-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FE46205-1069-4EE2-9403-4051692C7EB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.7-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A59D6986-EF12-4D72-A4FF-12E56EE4D178\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.8-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1228D9C7-2113-46B0-A552-DF5C19B2E92D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:0.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CA097B0-1C72-405F-8A0B-741410AE2ED0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"563247B6-73E5-4244-8241-3F23C796A85A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F008C5BC-640F-4DB6-B348-453D9AE169C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.0.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAB57CB7-DD1C-4602-AF04-4B33A026EE1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.0.2:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"73F97B76-4A8D-46AA-9C8C-8F66209A8ECF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.0.2:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"31604ECC-AAB0-4703-859E-2C751EAFBD6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7E00CBE-AF27-4AA1-85D8-1B43175A8E23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6928328B-B3D2-49CA-B316-9F4C8244E92B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.3:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AC31A7A-F7B6-42BE-92EB-BC80C6E6BBDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.3:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"79ED5467-41E3-47C3-861E-C3A4EAB68724\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.4:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"63B2FD18-E414-4C73-8FD4-530CBA220750\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.5:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"8291513A-E222-4C6D-AA9D-C0FE81A1DBE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.6:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A7CD8AA-DE2D-4738-8F46-A860319AB99C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.7:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0F809B6-D0D6-468D-9F5E-B70CA40D25DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.1.8:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"A28BBF25-6063-4D97-8108-6EC7099C33ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.2.0-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F20A5587-4C56-4F8F-A7D5-850F1CE893BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.2.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D64BC51F-DE97-4712-B80B-97D72B73BF1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.2.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C3DEF83-6DAA-4E84-9022-B52A9CD84352\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.2.3:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"32C2D594-ADE2-494B-B60F-13BF1139E59B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.2.4:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BC2452-4C98-4EA0-BE3C-2146C1BBA368\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.0-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B0ED678-74B6-4FCA-A841-96408EEA9005\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.1-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54302F44-00C0-4A28-A350-1F8FB05D9699\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.2-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7BAE293-DA65-45DC-81E5-7C7D44480517\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.3-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F93BABAE-B7A7-4B7F-8F3F-24AF206D26F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"67AF857D-A116-4C05-99DA-350C017EB665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.5:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDFF47A8-6F99-4F2C-AFC4-5ACF69C451DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.3.6:stabe:*:*:*:*:*:*\", \"matchCriteriaId\": \"869E6E88-E159-446D-BEB3-585A88674B24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A40ED88-02AF-45F0-BB42-826789A16C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4.0-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC8E571E-16BA-476D-92B7-42FEC94CE925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4.1-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC9739F0-6748-4A86-9A71-94262F205BE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4.2-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D97A6524-F671-47C1-A96A-5123158EE356\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"76DF36C4-5A50-4B85-BFA4-C1571036BD19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.4.4:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF98BC94-B207-41E9-9BA2-F2F73C8A4008\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A96892-379C-4583-B0F4-5457E82D9D75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.0-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7F94179-58C7-462E-882D-B94435CD907A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.1-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BB9F970-7307-4539-A1A0-2DD14D333A14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.2-beta:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8CA6FF0-CD5B-435C-ADD3-4C28293DE70D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E66F67-951D-4104-AC1D-E6106C4197F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.4:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B14DE75-DCBF-4D29-AC8C-64B005A0BCF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.5:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A881746E-715B-4186-9D25-33F8E25B8344\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.7:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B8F8A5D-A836-40B3-9069-7CB249C797BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.8:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B364FC45-77AC-4C0B-AA37-A97610F05FD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.9:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D43B703A-73B9-40D0-93AA-22C1E04C8098\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.10:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFDDA5E1-AE01-4A24-A8EA-1EC7EAA71C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.11:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"1269D6F0-7782-4B70-8A72-AC864A629257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.5.12:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"B18F9AD0-6FD6-45B7-A686-C777F6EF46EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE568395-643C-4261-BCC2-CDDFCF44039E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F99809A-95DF-4066-9589-83885CBF4661\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0648CC68-2E6C-4BF9-A30B-9B5BEF72D705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE87737-44E2-4477-95E6-2199CCFC06DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A0B9641-0674-4E23-8436-30C6B7C4241B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A858FF-4F5D-409C-8DC8-65B1680AF220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0:stable:*:*:*:*:*:*\", \"matchCriteriaId\": \"09AD7D16-6A82-4AAE-B8F9-D74FACF5CF6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0-beta1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34B435D3-AFAB-4A33-B9EC-9C647A615712\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.0-beta2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D85F8E8A-F19C-48FC-BFD3-B8DE60B2D1F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:firestats:firestats:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EECD5EA0-58F8-4A8C-8C55-C8504AFB1F45\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inclusi\\u00f3n de fichero remoto PHP en firestats-wordpress.ph del plugin FireStats de WordPress en sus versiones anteriores a 1.6.2-stable. Permite a usuarios remotos ejecutar c\\u00f3digo PHP de su elecci\\u00f3n a trav\\u00e9s de una URL en el par\\u00e1metro fs_javscript.\"}]",
      "id": "CVE-2009-2143",
      "lastModified": "2024-11-21T01:04:13.887",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-06-22T14:30:00.250",
      "references": "[{\"url\": \"http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35400\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8945\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8945\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2143\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-06-22T14:30:00.250\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inclusi\u00f3n de fichero remoto PHP en firestats-wordpress.ph del plugin FireStats de WordPress en sus versiones anteriores a 1.6.2-stable. Permite a usuarios remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en el par\u00e1metro fs_javscript.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"847DA578-4655-477E-8A6F-99FBE738E4F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:*:stable:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.1\",\"matchCriteriaId\":\"3864C442-3C86-4849-B578-82BF3B0EAF25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.0-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDE6D957-B6BC-48BB-8271-A8BE8CE7A16F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.1-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F9730D-2D80-4980-BCDA-7D9C8A60C4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.2-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8B30AC1-BED9-4AF2-8577-EE0ACCF6A381\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.3-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC277E53-0EA6-4724-B37B-8CD5AA906198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.4-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6E2D9C9-7BFB-45F0-8392-32610DB22EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.5-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7666EAE-155A-46CA-B680-C11A625CA554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.6-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FE46205-1069-4EE2-9403-4051692C7EB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.7-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A59D6986-EF12-4D72-A4FF-12E56EE4D178\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.8-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1228D9C7-2113-46B0-A552-DF5C19B2E92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CA097B0-1C72-405F-8A0B-741410AE2ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"563247B6-73E5-4244-8241-3F23C796A85A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F008C5BC-640F-4DB6-B348-453D9AE169C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.0.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB57CB7-DD1C-4602-AF04-4B33A026EE1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.0.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F97B76-4A8D-46AA-9C8C-8F66209A8ECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.0.2:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"31604ECC-AAB0-4703-859E-2C751EAFBD6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E00CBE-AF27-4AA1-85D8-1B43175A8E23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6928328B-B3D2-49CA-B316-9F4C8244E92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AC31A7A-F7B6-42BE-92EB-BC80C6E6BBDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.3:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"79ED5467-41E3-47C3-861E-C3A4EAB68724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.4:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B2FD18-E414-4C73-8FD4-530CBA220750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.5:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"8291513A-E222-4C6D-AA9D-C0FE81A1DBE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.6:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A7CD8AA-DE2D-4738-8F46-A860319AB99C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.7:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F809B6-D0D6-468D-9F5E-B70CA40D25DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.1.8:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28BBF25-6063-4D97-8108-6EC7099C33ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.2.0-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F20A5587-4C56-4F8F-A7D5-850F1CE893BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D64BC51F-DE97-4712-B80B-97D72B73BF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.2.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3DEF83-6DAA-4E84-9022-B52A9CD84352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.2.3:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"32C2D594-ADE2-494B-B60F-13BF1139E59B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.2.4:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BC2452-4C98-4EA0-BE3C-2146C1BBA368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.0-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B0ED678-74B6-4FCA-A841-96408EEA9005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.1-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54302F44-00C0-4A28-A350-1F8FB05D9699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.2-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BAE293-DA65-45DC-81E5-7C7D44480517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.3-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F93BABAE-B7A7-4B7F-8F3F-24AF206D26F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"67AF857D-A116-4C05-99DA-350C017EB665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDFF47A8-6F99-4F2C-AFC4-5ACF69C451DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.3.6:stabe:*:*:*:*:*:*\",\"matchCriteriaId\":\"869E6E88-E159-446D-BEB3-585A88674B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A40ED88-02AF-45F0-BB42-826789A16C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4.0-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8E571E-16BA-476D-92B7-42FEC94CE925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4.1-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC9739F0-6748-4A86-9A71-94262F205BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4.2-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D97A6524-F671-47C1-A96A-5123158EE356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76DF36C4-5A50-4B85-BFA4-C1571036BD19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.4.4:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF98BC94-B207-41E9-9BA2-F2F73C8A4008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A96892-379C-4583-B0F4-5457E82D9D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.0-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F94179-58C7-462E-882D-B94435CD907A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.1-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9F970-7307-4539-A1A0-2DD14D333A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.2-beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8CA6FF0-CD5B-435C-ADD3-4C28293DE70D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E66F67-951D-4104-AC1D-E6106C4197F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B14DE75-DCBF-4D29-AC8C-64B005A0BCF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.5:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A881746E-715B-4186-9D25-33F8E25B8344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B8F8A5D-A836-40B3-9069-7CB249C797BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B364FC45-77AC-4C0B-AA37-A97610F05FD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D43B703A-73B9-40D0-93AA-22C1E04C8098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFDDA5E1-AE01-4A24-A8EA-1EC7EAA71C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.11:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"1269D6F0-7782-4B70-8A72-AC864A629257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.5.12:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18F9AD0-6FD6-45B7-A686-C777F6EF46EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE568395-643C-4261-BCC2-CDDFCF44039E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F99809A-95DF-4066-9589-83885CBF4661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0648CC68-2E6C-4BF9-A30B-9B5BEF72D705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE87737-44E2-4477-95E6-2199CCFC06DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A0B9641-0674-4E23-8436-30C6B7C4241B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A858FF-4F5D-409C-8DC8-65B1680AF220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0:stable:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AD7D16-6A82-4AAE-B8F9-D74FACF5CF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0-beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34B435D3-AFAB-4A33-B9EC-9C647A615712\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.0-beta2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D85F8E8A-F19C-48FC-BFD3-B8DE60B2D1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:firestats:firestats:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECD5EA0-58F8-4A8C-8C55-C8504AFB1F45\"}]}]}],\"references\":[{\"url\":\"http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35400\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8945\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.