CVE-2009-4451

kandalf upper 0.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upper.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4451. PoCs published by indoushka.

AI-analyzed exploit summary This is a writeup describing an upload vulnerability in kandalf upper 0.1, providing URLs to exploit but no actual exploit code. It lacks technical details or payloads.

Description

Unrestricted file upload vulnerability in upper.php in kandalf upper 0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in fileup/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/10672

View Code ZIP pw:eip

This is a writeup describing an upload vulnerability in kandalf upper 0.1, providing URLs to exploit but no actual exploit code. It lacks technical details or payloads.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: kandalf upper 0.1

No auth needed

Prerequisites: access to the target web application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/61370

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10672

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37946

Scores

EPSS 0.0334

EPSS Percentile 87.1%

Details

Status published

Products (1)

php.html/kandalf_upper 0.1

Published Dec 29, 2009

Tracked Since Feb 18, 2026