CVE-2009-2182

Campsite 3.3.0 RC1 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2182. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Campsite 3.3.0 RC1 due to improper handling of the GLOBALS[g_campsiteDir] parameter. It allows an attacker to include arbitrary remote files, potentially leading to remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.

Exploits (1)

exploitdb WORKING POC VERIFIED
by CraCkEr · textwebappsphp
https://www.exploit-db.com/exploits/8995

This exploit demonstrates a Remote File Include (RFI) vulnerability in Campsite 3.3.0 RC1 due to improper handling of the GLOBALS[g_campsiteDir] parameter. It allows an attacker to include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Campsite 3.3.0 RC1
No auth needed
Prerequisites: Register Globals must be enabled on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8995

Scores

EPSS 0.0172
EPSS Percentile 74.5%

Details

CWE
CWE-94
Status published
Products (1)
campware.org/campsite 3.3.0 rc1
Published Jun 23, 2009
Tracked Since Feb 18, 2026