CVE-2009-4223

NUCLEI

KR-Web <1.1b2 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cr4wl3r · text webapps php
https://www.exploit-db.com/exploits/10216

Nuclei Templates (1)

KR-Web <=1.1b2 - Remote File Inclusion
HIGH by geeknik

Scores

EPSS 0.0426
EPSS Percentile 88.8%

Details

CWE
CWE-94
Status published
Products (2)
gianni_tommasi/kr-php_web_content_server 1.1 (2 CPE variants)
gianni_tommasi/kr-php_web_content_server < 1.1
Published Dec 07, 2009
Tracked Since Feb 18, 2026