Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4205. PoCs published by K4m1k451.
AI-analyzed exploit summary
This exploit demonstrates SQL injection and local file inclusion vulnerabilities in Flashlight Free Edition. The SQLi allows arbitrary data retrieval from the database, while the LFI enables reading local files via path traversal.
Description
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.