CVE-2009-2132

4images <1.7.7 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qabandi · textwebappsphp

https://www.exploit-db.com/exploits/8936

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35427

Exploit x_refsource_misc

http://bbs.wolvez.org/topic/56/

Various Sources x_refsource_confirm

http://www.4homepages.de/forum/index.php?topic=15186.0

Scores

EPSS 0.0260

EPSS Percentile 85.7%

Details

CWE

CWE-22

Status published

Products (11)

4homepages/4images 1.0 rc-1 (2 CPE variants)

4homepages/4images 1.5

4homepages/4images 1.6

4homepages/4images 1.6.1

4homepages/4images 1.7

4homepages/4images 1.7.1

4homepages/4images 1.7.2

4homepages/4images 1.7.3

4homepages/4images 1.7.4

4homepages/4images 1.7.5

... and 1 more

Published Jun 19, 2009

Tracked Since Feb 18, 2026