CVE-2009-4977

Tufat Mybackup - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SirGod · textwebappsphp
https://www.exploit-db.com/exploits/9365

References (3)

Scores

EPSS 0.0061
EPSS Percentile 69.4%

Classification

CWE
CWE-94
Status draft

Affected Products (1)

tufat/mybackup

Timeline

Published Aug 25, 2010
Tracked Since Feb 18, 2026