Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2009-4264

Published: 10/12/2009 Updated: 11/12/2009
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Aroundme

Vulnerability Summary

PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the language_path parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

aroundme aroundme 0.5.1

barnraiser aroundme 0.7.7

barnraiser aroundme

aroundme aroundme 0.6.9

aroundme aroundme 0.5.2

Exploits

Exploit DB: AROUNDMe 1.1 - 'language_path' Remote File Inclusion
[ Discovered by cr4wl3r \ Indonesian Hacker ] ######################################################################## 3rr0r: /aroundme_1_1/aroundme/components/core/connectphp (line 25) <?php include_once($language_path 'connectlangphp'); ?> ################################################################## ...

References

CWE-94http://www.exploit-db.com/exploits/10329http://secunia.com/advisories/37567https://nvd.nist.govhttps://www.exploit-db.com/exploits/10329/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook