CVE-2009-2143
FireStats < 1.6.2-stable - Remote Code Execution via fs_javascript Parameter
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.
References (3)
Core References
http://firestats.cc/wiki/ChangeLog#a1.6.2-stable13062009 (Patch, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/35400 (Vendor Advisory; third-party-advisory, x_refsource_secunia)
https://www.exploit-db.com/exploits/8945 (Exploit, Third Party Advisory; exploit, x_refsource_exploit-db)
Scores
EPSS: 0.0282
EPSS Percentile: 84.8%
Details
CWE: CWE-94
Status: published
Products (48)
firestats/firestats 0.9.0-beta
firestats/firestats 0.9.1-beta
firestats/firestats 0.9.2-beta
firestats/firestats 0.9.3-beta
firestats/firestats 0.9.4-beta
firestats/firestats 0.9.5-beta
firestats/firestats 0.9.6-beta
firestats/firestats 0.9.7-beta
firestats/firestats 0.9.8-beta
firestats/firestats 0.9.9
... and 38 more
Published: Jun 22, 2009
Tracked Since: Feb 18, 2026