CVE-2009-1230
podcast_generator <= 1.1 - Authenticated PHP Code Injection via Recent Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-1230. PoCs published by BlackHawk.
AI-analyzed exploit summary This exploit targets Podcast Generator <= 1.1 by deleting the config file and reconfiguring it with malicious code to achieve remote code execution. It leverages unauthenticated file deletion and unsanitized input in the configuration script.
Description
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
Exploits (1)
This exploit targets Podcast Generator <= 1.1 by deleting the config file and reconfiguring it with malicious code to achieve remote code execution. It leverages unauthenticated file deletion and unsanitized input in the configuration script.