CVE-2009-3365

EIP tracks 1 public exploit for CVE-2009-3365. PoCs published by EA Ngel.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Aurora CMS (Enterprise Edition) via the 'install.plugin.php' script. The vulnerability allows an attacker to include arbitrary remote files by manipulating the 'AURORA_MODULES_FOLDER' parameter.

PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.