CVE-2010-4943

Saurus CMS 4.7.0 - Remote Code Execution via Class Path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4943. PoCs published by LoSt.HaCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in SaurusCMSupdate4.7.0, allowing an attacker to include arbitrary remote files via the 'class_path' parameter in 'file.php' and 'com_del.php'. The vulnerability is due to insufficient input validation.

Description

Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.

Exploits (1)

exploitdb WORKING POC
by LoSt.HaCkEr · textwebappsphp
https://www.exploit-db.com/exploits/14618

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in SaurusCMSupdate4.7.0, allowing an attacker to include arbitrary remote files via the 'class_path' parameter in 'file.php' and 'com_del.php'. The vulnerability is due to insufficient input validation.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SaurusCMSupdate4.7.0
No auth needed
Prerequisites: Network access to the target · Remote file hosting for RFI payload
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14618

Scores

EPSS 0.0210
EPSS Percentile 79.5%

Details

CWE
CWE-94
Status published
Products (1)
brothersoft/saurus_cms 4.7.0
Published Oct 09, 2011
Tracked Since Feb 18, 2026