CVE-2009-2641

PHP - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Br0ly · textwebappsphp

https://www.exploit-db.com/exploits/8924

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/8924

Scores

EPSS 0.0163

EPSS Percentile 82.0%

Details

CWE

CWE-94

Status published

Products (1)

rich_white/school_data_nav

Published Jul 28, 2009

Tracked Since Feb 18, 2026