CVE-2009-4106

Agoko CMS <0.4 - Code Injection

Title source: llm

Description

Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · perlwebappsphp

https://www.exploit-db.com/exploits/9605

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2613

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53113

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9605

Scores

EPSS 0.0265

EPSS Percentile 85.8%

Details

CWE

CWE-20

Status published

Products (1)

ohloh/agoko_cms < 0.4

Published Nov 29, 2009

Tracked Since Feb 18, 2026