Unrated severityNVD Advisory· Published Dec 2, 2009· Updated Jun 16, 2026
CVE-2009-4156
CVE-2009-4156
Description
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:ciamos:ciamos_cms:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ciamos:ciamos_cms:*:*:*:*:*:*:*:*range: <=0.9.5
- cpe:2.3:a:ciamos:ciamos_cms:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ciamos:ciamos_cms:0.9.2:*:*:*:*:*:*:*
- Range: <=0.9.5
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/10259nvdExploit
- www.securityfocus.com/bid/37160nvdExploit
News mentions
0No linked articles in our index yet.