CVE-2009-1526

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html	Broken Link
http://osvdb.org/54014	Broken Link
http://secunia.com/advisories/34861	Vendor Advisory
http://www.directadmin.com/features.php?id=968	Vendor Advisory Release Notes
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html	Broken Link
http://osvdb.org/54014	Broken Link
http://secunia.com/advisories/34861	Vendor Advisory
http://www.directadmin.com/features.php?id=968	Vendor Advisory Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:directadmin:directadmin:*:*:*:*:*:*:*:*

History

16 Dec 2025, 21:05

Type	Values Removed	Values Added
First Time		Directadmin Directadmin directadmin
CPE	cpe:2.3:a:jbmc-software:directadmin:1.282:::::::* cpe:2.3:a:jbmc-software:directadmin:1.312:::::::* cpe:2.3:a:jbmc-software:directadmin:1.274:::::::* cpe:2.3:a:jbmc-software:directadmin:1.261:::::::* cpe:2.3:a:jbmc-software:directadmin:1.231:::::::* cpe:2.3:a:jbmc-software:directadmin:1.152:::::::* cpe:2.3:a:jbmc-software:directadmin:1.311:::::::* cpe:2.3:a:jbmc-software:directadmin:1.285:::::::* cpe:2.3:a:jbmc-software:directadmin:1.293:::::::* cpe:2.3:a:jbmc-software:directadmin:1.241:::::::* cpe:2.3:a:jbmc-software:directadmin:1.02:::::::* cpe:2.3:a:jbmc-software:directadmin:1.09:::::::* cpe:2.3:a:jbmc-software:directadmin:1.291:::::::* cpe:2.3:a:jbmc-software:directadmin:1.174:::::::* cpe:2.3:a:jbmc-software:directadmin:1.254:::::::* cpe:2.3:a:jbmc-software:directadmin:1.223:::::::* cpe:2.3:a:jbmc-software:directadmin:1.173:::::::* cpe:2.3:a:jbmc-software:directadmin:1.202:::::::* cpe:2.3:a:jbmc-software:directadmin:1.281:::::::* cpe:2.3:a:jbmc-software:directadmin:1.212:::::::* cpe:2.3:a:jbmc-software:directadmin:1.302:::::::* cpe:2.3:a:jbmc-software:directadmin:1.331:::::::* cpe:2.3:a:jbmc-software:directadmin:1.332:::::::* cpe:2.3:a:jbmc-software:directadmin:1.15:::::::* cpe:2.3:a:jbmc-software:directadmin:1.31:::::::* cpe:2.3:a:jbmc-software:directadmin:1.273:::::::* cpe:2.3:a:jbmc-software:directadmin:1.171:::::::* cpe:2.3:a:jbmc-software:directadmin:1.264:::::::* cpe:2.3:a:jbmc-software:directadmin:1.193:::::::* cpe:2.3:a:jbmc-software:directadmin:1.251:::::::* cpe:2.3:a:jbmc-software:directadmin:1.05:::::::* cpe:2.3:a:jbmc-software:directadmin:1.211:::::::* cpe:2.3:a:jbmc-software:directadmin:1.263:::::::* cpe:2.3:a:jbmc-software:directadmin:1:::::::* cpe:2.3:a:jbmc-software:directadmin:1.192:::::::* cpe:2.3:a:jbmc-software:directadmin:1.195:::::::* cpe:2.3:a:jbmc-software:directadmin:1.233:::::::* cpe:2.3:a:jbmc-software:directadmin:1.242:::::::* cpe:2.3:a:jbmc-software:directadmin:1.315:::::::* cpe:2.3:a:jbmc-software:directadmin:1.244:::::::* cpe:2.3:a:jbmc-software:directadmin:1.275:::::::* cpe:2.3:a:jbmc-software:directadmin:1.13:::::::* cpe:2.3:a:jbmc-software:directadmin:1.11:::::::* cpe:2.3:a:jbmc-software:directadmin:1.203:::::::* cpe:2.3:a:jbmc-software:directadmin:1.28:::::::* cpe:2.3:a:jbmc-software:directadmin:1.22:::::::* cpe:2.3:a:jbmc-software:directadmin:1.265:::::::* cpe:2.3:a:jbmc-software:directadmin:1.06:::::::* cpe:2.3:a:jbmc-software:directadmin:1.243:::::::* cpe:2.3:a:jbmc-software:directadmin:1.03:::::::* cpe:2.3:a:jbmc-software:directadmin:1.26:::::::* cpe:2.3:a:jbmc-software:directadmin:1.29:::::::* cpe:2.3:a:jbmc-software:directadmin:1.17:::::::* cpe:2.3:a:jbmc-software:directadmin:1.221:::::::* cpe:2.3:a:jbmc-software:directadmin:1.172:::::::* cpe:2.3:a:jbmc-software:directadmin:1.25:::::::* cpe:2.3:a:jbmc-software:directadmin:1.206:::::::* cpe:2.3:a:jbmc-software:directadmin:1.262:::::::* cpe:2.3:a:jbmc-software:directadmin:1.323:::::::* cpe:2.3:a:jbmc-software:directadmin:1.297:::::::* cpe:2.3:a:jbmc-software:directadmin:1.18:::::::* cpe:2.3:a:jbmc-software:directadmin:1.081:::::::* cpe:2.3:a:jbmc-software:directadmin:1.16:::::::* cpe:2.3:a:jbmc-software:directadmin:1.294:::::::* cpe:2.3:a:jbmc-software:directadmin:1.1941:::::::* cpe:2.3:a:jbmc-software:directadmin:1.23:::::::* cpe:2.3:a:jbmc-software:directadmin:1.161:::::::* cpe:2.3:a:jbmc-software:directadmin:1.301:::::::* cpe:2.3:a:jbmc-software:directadmin:1.292:::::::* cpe:2.3:a:jbmc-software:directadmin:1.151:::::::* cpe:2.3:a:jbmc-software:directadmin:1.01:::::::* cpe:2.3:a:jbmc-software:directadmin:1.226:::::::* cpe:2.3:a:jbmc-software:directadmin:1.24:::::::* cpe:2.3:a:jbmc-software:directadmin:1.196:::::::* cpe:2.3:a:jbmc-software:directadmin:1.201:::::::* cpe:2.3:a:jbmc-software:directadmin:1.252:::::::* cpe:2.3:a:jbmc-software:directadmin:1.222:::::::* cpe:2.3:a:jbmc-software:directadmin:1.207:::::::* cpe:2.3:a:jbmc-software:directadmin:1.322:::::::* cpe:2.3:a:jbmc-software:directadmin:1.286:::::::* cpe:2.3:a:jbmc-software:directadmin:1.1:::::::* cpe:2.3:a:jbmc-software:directadmin:1.232:::::::* cpe:2.3:a:jbmc-software:directadmin:1.253:::::::* cpe:2.3:a:jbmc-software:directadmin:1.204:::::::* cpe:2.3:a:jbmc-software:directadmin:1.14:::::::* cpe:2.3:a:jbmc-software:directadmin:1.08:::::::* cpe:2.3:a:jbmc-software:directadmin:1.225:::::::* cpe:2.3:a:jbmc-software:directadmin:1.19:::::::* cpe:2.3:a:jbmc-software:directadmin:1.32:::::::* cpe:2.3:a:jbmc-software:directadmin:1.224:::::::* cpe:2.3:a:jbmc-software:directadmin:1.234:::::::* cpe:2.3:a:jbmc-software:directadmin:1.12:::::::* cpe:2.3:a:jbmc-software:directadmin:1.27:::::::* cpe:2.3:a:jbmc-software:directadmin:1.121:::::::* cpe:2.3:a:jbmc-software:directadmin:1.21:::::::* cpe:2.3:a:jbmc-software:directadmin:1.04:::::::* cpe:2.3:a:jbmc-software:directadmin:1.111:::::::* cpe:2.3:a:jbmc-software:directadmin:0.95:::::::* cpe:2.3:a:jbmc-software:directadmin:1.205:::::::* cpe:2.3:a:jbmc-software:directadmin:1.3:::::::* cpe:2.3:a:jbmc-software:directadmin:1.314:::::::* cpe:2.3:a:jbmc-software:directadmin:1.321:::::::* cpe:2.3:a:jbmc-software:directadmin:1.296:::::::* cpe:2.3:a:jbmc-software:directadmin:1.2:::::::* cpe:2.3:a:jbmc-software:directadmin:1.181:::::::* cpe:2.3:a:jbmc-software:directadmin:1.33:::::::* cpe:2.3:a:jbmc-software:directadmin:1.1741:::::::* cpe:2.3:a:jbmc-software:directadmin:1.235:::::::* cpe:2.3:a:jbmc-software:directadmin:1.213:::::::* cpe:2.3:a:jbmc-software:directadmin:1.266:::::::* cpe:2.3:a:jbmc-software:directadmin:1.07:::::::* cpe:2.3:a:jbmc-software:directadmin:::::::: cpe:2.3:a:jbmc-software:directadmin:1.255:::::::* cpe:2.3:a:jbmc-software:directadmin:1.313:::::::* cpe:2.3:a:jbmc-software:directadmin:1.295:::::::*	cpe:2.3:a:directadmin:directadmin::::::::
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html -~~	() http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html - Broken Link
References	~~() http://osvdb.org/54014 -~~	() http://osvdb.org/54014 - Broken Link
References	~~() http://www.directadmin.com/features.php?id=968 - Vendor Advisory~~	() http://www.directadmin.com/features.php?id=968 - Vendor Advisory, Release Notes

Information

Published : 2009-05-05 20:30

Updated : 2025-12-16 21:05

NVD link : CVE-2009-1526

Mitre link : CVE-2009-1526

CVE.ORG link : CVE-2009-1526

JSON object : View

Products Affected

directadmin

directadmin

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

6.9 /10