VYPR
Unrated severityNVD Advisory· Published Dec 2, 2009· Updated Jun 16, 2026

CVE-2009-4156

CVE-2009-4156

Description

PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Ciamos/Ciamos CMS3 versions
    cpe:2.3:a:ciamos:ciamos_cms:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ciamos:ciamos_cms:*:*:*:*:*:*:*:*range: <=0.9.5
    • cpe:2.3:a:ciamos:ciamos_cms:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ciamos:ciamos_cms:0.9.2:*:*:*:*:*:*:*
  • Siteserver/CMSllm-fuzzy
    Range: <=0.9.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.