CVE-2009-3174

OBOphiX < 2.7.0 - Remote Code Execution via chemin_lib Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3174. PoCs published by EA Ngel.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in OBOphiX's fonctions_racine.php (version <= 2.7.0) by manipulating the 'chemin_lib' parameter to include arbitrary remote files. The PoC provides a URL structure to exploit the vulnerability but lacks executable payload details.

Description

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by EA Ngel · textwebappsphp
https://www.exploit-db.com/exploits/9600

This exploit demonstrates a Remote File Include (RFI) vulnerability in OBOphiX's fonctions_racine.php (version <= 2.7.0) by manipulating the 'chemin_lib' parameter to include arbitrary remote files. The PoC provides a URL structure to exploit the vulnerability but lacks executable payload details.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: OBOphiX fonctions_racine.php <= 2.7.0
No auth needed
Prerequisites: Target server with vulnerable OBOphiX installation · Remote file hosting for payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9600

Scores

EPSS 0.0209
EPSS Percentile 79.2%

Details

CWE
CWE-94
Status published
Products (2)
odelao/obophix 1.0
odelao/obophix < 2.7.0
Published Sep 11, 2009
Tracked Since Feb 18, 2026