CVE-2009-2262
AjaxPortal 3.0 - Remote Code Execution via pathtoserverdata Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504618/100/0/threaded
Scores
EPSS
0.0124
EPSS Percentile
65.4%
Details
CWE
CWE-94
Status
published
Products (1)
myiosoft/ajaxportal
3.0
Published
Jun 30, 2009
Tracked Since
Feb 18, 2026