CVE-2009-2396

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:dutchmonkey:dm_album:1.9.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:dutchmonkey:dm_album:1.9.2:*:*:*:*:*:*:*

Information

Published : 2009-07-09 09:30

Updated : 2017-09-18 18:29


NVD link : CVE-2009-2396

Mitre link : CVE-2009-2396


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

dutchmonkey

  • dm_album

wordpress

  • wordpress