CVE-2009-3056

EIP tracks 1 public exploit for CVE-2009-3056. PoCs published by CoBRa_21.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Kingcms v0.6.0 by manipulating the `CONFIG[AdminPath]` parameter in `menu.php` to include arbitrary remote files. The vulnerability arises due to insufficient input validation and unsafe file inclusion practices.

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.