Vulnerability Details CVE-2009-4264
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.9%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2009-4264
-
cpe:2.3:a:aroundme:aroundme:0.5.1
-
cpe:2.3:a:aroundme:aroundme:0.5.2
-
cpe:2.3:a:aroundme:aroundme:0.6.9
-
cpe:2.3:a:barnraiser:aroundme:*
-
cpe:2.3:a:barnraiser:aroundme:0.7.7