CVE-2009-4693

GraFX MiniCWB 2.3.0 - RCE

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.

Exploits (1)

exploitdb WORKING POC VERIFIED
by NoGe · textwebappsphp
https://www.exploit-db.com/exploits/9204

References (4)

Scores

EPSS 0.0119
EPSS Percentile 78.6%

Classification

CWE
CWE-94
Status draft

Affected Products (1)

grafxsoftware/minicwb

Timeline

Published Mar 10, 2010
Tracked Since Feb 18, 2026