Path Traversal in 4homepages 4images
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.021 (79.4th percentile) — read the EPSS interpretation.
Affected products
- 4homepages 4images — versions 1.0, 1.5, 1.6
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM)