CVE-2009-3426

2009-09-2522:00:00

mitre

www.cve.org

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

JSON

PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.

References

secunia.com/advisories/36105

www.exploit-db.com/exploits/9350

www.vupen.com/english/advisories/2009/2136