CVE-2009-4156

PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ciamos:ciamos_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:ciamos:ciamos_cms:0.9:*:*:*:*:*:*:*
cpe:2.3:a:ciamos:ciamos_cms:0.9.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:09

Type Values Removed Values Added
References () http://www.exploit-db.com/exploits/10259 - Exploit () http://www.exploit-db.com/exploits/10259 - Exploit
References () http://www.securityfocus.com/bid/37160 - Exploit () http://www.securityfocus.com/bid/37160 - Exploit

Information

Published : 2009-12-02 17:30

Updated : 2024-11-21 01:09


NVD link : CVE-2009-4156

Mitre link : CVE-2009-4156

CVE.ORG link : CVE-2009-4156


JSON object : View

Products Affected

ciamos

  • ciamos_cms
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')