CVE-2009-4319
eoCMS < 0.9.03 - Remote Code Execution via BBCODE_path Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4319. PoCs published by 1nd0n3s14n l4m3r.
AI-analyzed exploit summary: This is a writeup describing a Remote File Include (RFI) vulnerability in eoCMS <= 0.9.03. The vulnerability exists in the 'bbcode-form.php' file due to improper input validation of the 'BBCODE_path' parameter.
Description
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.