CVE-2009-3323

BAROSmini 0.32.595 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3323. PoCs published by EA Ngel.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in BAROSmini. It provides URLs for exploitation but does not include actual exploit code or payloads.

Description

Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by EA Ngel · textwebappsmultiple

https://www.exploit-db.com/exploits/9724

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in BAROSmini. It provides URLs for exploitation but does not include actual exploit code or payloads.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: BAROSmini - Banner Rotation System mini

No auth needed

Prerequisites: Network access to the target system · Target system running vulnerable version of BAROSmini

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/53378

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9724

Scores

EPSS 0.0210

EPSS Percentile 79.3%

Details

CWE

CWE-94

Status published

Products (1)

robig/barosmini 0.32.595

Published Sep 23, 2009

Tracked Since Feb 18, 2026