Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4672. PoCs published by TurkGuvenligi.
AI-analyzed exploit summary
This exploit demonstrates a Local File Include (LFI) and Remote Code Execution (RCE) vulnerability in the WP Plugin Lytebox. The LFI allows reading arbitrary files, while the RCE is achieved by injecting PHP code into the Apache access log and including it via the LFI.
Description
Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter.
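A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or the plugin: it flags access-log lines where the `pg` parameter of `main.php` decodes to a `..` path segment, and lines that carry a PHP open tag. The sample lines are constructed, `/PLUGIN_DIR/` is a placeholder path, and the finding names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
PHP_TAG_RE = re.compile(r"<\?(?:php|=)", re.I)

# Constructed sample lines (not real traffic). /PLUGIN_DIR/ is a placeholder path.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2010:10:00:00 +0000] "GET /PLUGIN_DIR/main.php?pg=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2010:10:00:05 +0000] "GET /PLUGIN_DIR/main.php?pg=..%2F..%2FSAMPLE_FILE HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2010:10:00:09 +0000] "GET /PLUGIN_DIR/main.php?pg=%252e%252e%252fSAMPLE_FILE HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2010:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed marker */ ?>"
"""

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (%252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the set of findings for one access-log line."""
    findings = set()
    if PHP_TAG_RE.search(line):  # PHP open tag stored anywhere in the log line
        findings.add("php-tag-in-log")
    m = REQ_RE.search(line)
    if not m:
        return findings
    try:
        url = urlsplit(m.group(1))
    except ValueError:  # malformed request target: nothing more to parse
        return findings
    if url.path.endswith("/main.php"):
        # parse_qs decodes one layer; fully_decode handles nested encoding
        for value in parse_qs(url.query, keep_blank_values=True).get("pg", []):
            if ".." in re.split(r"[\\/]", fully_decode(value)):
                findings.add("pg-traversal")
    return findings

def scan(text):
    """Map 1-based line number -> sorted findings, for lines with any finding."""
    hits = {n: sorted(classify(line)) for n, line in enumerate(text.splitlines(), 1)}
    return {n: found for n, found in hits.items() if found}

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, ", ".join(found))
```

Both findings appearing on the same host match the two stages the summary describes, so they are worth reviewing together.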