CVE-2009-3760

EPSS 2.7%

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/9106unverified exploitdbwww.exploit-db.com/exploits/9106unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt http://securitytracker.com/id?1022520 http://www.exploit-db.com/exploits/9106 http://www.securityfocus.com/archive/1/504764 http://www.securityfocus.com/bid/35592 http://www.vupen.com/english/advisories/2009/1814