CVE-2009-4961

lanai-core 0.6 - Exposure of Sensitive Information via info.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4961. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This is a writeup describing a remote file disclosure vulnerability in Lanai Core v0.6. It provides URLs to exploit the vulnerability but does not include functional exploit code.

Description

Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/9490

View Code ZIP pw:eip

This is a writeup describing a remote file disclosure vulnerability in Lanai Core v0.6. It provides URLs to exploit the vulnerability but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Lanai Core v0.6

No auth needed

Prerequisites: access to the target web server

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9490

Scores

EPSS 0.0222

EPSS Percentile 80.3%

Details

CWE

CWE-200

Status published

Products (1)

lanai-core/lanai-core 0.6

Published Jul 28, 2010

Tracked Since Feb 18, 2026