Path Traversal in 4homepages 4images

CVE-2009-2132

Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.021 (79.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References