CVE-2009-4223 Information

Description

PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

Reference

http://www.exploit-db.com/exploits/10216 https://exchange.xforce.ibmcloud.com/vulnerabilities/54395 krweb-krgourl-file-include(54395) PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.