CVE-2009-2143

FireStats < 1.6.2-stable - Remote Code Execution via fs_javascript Parameter

Title source: llm

Description

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35400
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8945

Scores

EPSS 0.0282
EPSS Percentile 84.8%

Details

CWE
CWE-94
Status published
Products (48)
firestats/firestats 0.9.0-beta
firestats/firestats 0.9.1-beta
firestats/firestats 0.9.2-beta
firestats/firestats 0.9.3-beta
firestats/firestats 0.9.4-beta
firestats/firestats 0.9.5-beta
firestats/firestats 0.9.6-beta
firestats/firestats 0.9.7-beta
firestats/firestats 0.9.8-beta
firestats/firestats 0.9.9
... and 38 more
Published Jun 22, 2009
Tracked Since Feb 18, 2026