CVE-2009-2956

EPSS 0.21% · P43 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2956

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ibm websphere_commerce_suite 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM WebSphere商业套装中的Net.Commerce和Net.Data组件在web根下储存敏感信息而未赋予足够的访问控制，这使得远程攻击者可以借助直接请求查看配置文件，来发现密码、数据库和文件系统详情。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-2956

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-2956

请登录查看更多情报信息。

https://exchange.xforce.ibmcloud.com/vulnerabilities/52616vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2009-2956

Same Patch Batch · n/a · 2009-08-24 · 40 CVEs total

CVE-2008-7043		FreshScripts Fresh Email Script 'register.php'跨站脚本攻击漏洞
CVE-2008-7034		Tigran_Abrahamyan PHPEcho CMS 'Smarty.class.php'远程文件包含漏洞
CVE-2008-7035		Simple Machines phpRaider未明组件跨站脚本攻击漏洞
CVE-2008-7036		Bcoos DevTracker模块多个跨站脚本攻击漏洞
CVE-2008-7037		ITN News Gadget 'short_title' Parameter远程代码执行漏洞
CVE-2008-7038		PHP-NukeSQL注入漏洞
CVE-2008-7039		Gelatocms 'admin/comments.php'跨站脚本攻击漏洞
CVE-2008-7040		Yellow Swordfish Simple Forum 'sf-profile.php' SQL注入漏洞
CVE-2008-7041		Ajsquare AJ Classifieds身份认证绕过漏洞
CVE-2008-7042		FreshScripts Fresh Email Script 'url.php' 远程文件包含漏洞
CVE-2008-7033		Galore Simple Shop 'index.php' SQL注入漏洞
CVE-2008-7044		Ajsquare AJPoll 'admin/include/newpoll.php' SQL注入漏洞
CVE-2008-7045		Ajsquare AJPoll授权问题漏洞
CVE-2008-7046		ajsquare free_polling_script 授权问题漏洞
CVE-2008-7047		NatterChat 'admin/home.asp' 身份认证绕过漏洞
CVE-2008-7048		NatterChat 多个跨站脚本攻击漏洞
CVE-2008-7049		NatterChat 'login.asp' 多个SQL注入漏洞
CVE-2008-7050		WoW Raid Manager 'auth/auth_phpbb3.php'信任管理漏洞
CVE-2008-7051		Ajsquare AJ Article身份认证绕过漏洞
CVE-2008-7052		Pre Projects Pre Real Estate Listings 'profile.php' 任意文件上传漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-2956

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-2956

I. Basic Information for CVE-2009-2956

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-2956

III. Intelligence Information for CVE-2009-2956

Same Patch Batch · n/a · 2009-08-24 · 40 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2009-2956

Leave a comment