PHP Remote File Inclusion Vulnerability in All In One Control Panel by AIOCP
CVE-2009-4747

Currently unrated

Key Information:

Vendor: Tecnick
Status: Aiocp
Vendor: CVE Published:; 26 March 2010

What is CVE-2009-4747?

The PHP remote file inclusion vulnerability in All In One Control Panel (AIOCP) version 1.4.001 allows attackers to execute arbitrary PHP code. This is achieved through manipulation of the 'page' parameter in the public/code/cp_html2xhtmlbasic.php file. By exploiting this vulnerability, an attacker can redirect the application to include a malicious file from a remote server, leading to potential unauthorized access and control over the affected system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53679

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/36609

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/507030/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 26, 2010
Vulnerability Reserved
Mar 26, 2010

Tecnick

What is CVE-2009-4747?

References

Timeline