Description
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
Exploits (1)
References (3)
Core References (3)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/57147
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/38889
Exploit (x_refsource_misc): http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt
Scores
EPSS: 0.0094
EPSS Percentile: 76.3%
Details
CWE: CWE-94
Status: published
Products (15)
lussumo/vanilla 0.9.2
lussumo/vanilla 1.0.1
lussumo/vanilla 1.0.2
lussumo/vanilla 1.0.3
lussumo/vanilla 1.1
lussumo/vanilla 1.1.1
lussumo/vanilla 1.1.2
lussumo/vanilla 1.1.3
lussumo/vanilla 1.1.4
lussumo/vanilla 1.1.5 (3 CPE variants)
... and 5 more
Published: Apr 09, 2010
Tracked Since: Feb 18, 2026