CVE-2009-4834

EXPLOITED

Xpressengine Zeroboard - Code Injection

Title source: rule

Description

lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SpeeDr00t · cwebappsphp
https://www.exploit-db.com/exploits/9590

References (3)

Scores

EPSS 0.0130
EPSS Percentile 79.8%

Details

VulnCheck KEV 2012-04-12
CWE
CWE-94
Status published
Products (1)
xpressengine/zeroboard 4.1 pl7
Published May 04, 2010
Tracked Since Feb 18, 2026