Vulnerabilities > CVE-2015-0889 - Security Bypass vulnerability in Kent-Web Joyful Note 2.8/5.21/5.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

kent-web

NVD

Published: 2015-02-28

Updated: 2015-03-02

Summary

KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.

Vulnerable Configurations

Part	Description	Count
Application	Kent-Web Kent WEB Joyful Note 2.8 Kent WEB Joyful Note 5.3 Kent WEB Joyful Note 5.21	3

References

http://jvn.jp/en/jp/JVN88862608/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000024
http://www.kent-web.com/bbs/joyful.html