CVE-2009-0701

Cybershade CMS 0.2b - RCE

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by JosS · perlwebappsphp

https://www.exploit-db.com/exploits/7668

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/33101

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47725

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7668

Scores

EPSS 0.0321

EPSS Percentile 87.1%

Details

CWE

CWE-94

Status published

Products (1)

cybershade/cybershadecms 0.2b

Published Feb 23, 2009

Tracked Since Feb 18, 2026