Critical severity9.8NVD Advisory· Published Jan 6, 2010· Updated Jun 16, 2026
CVE-2009-4581
CVE-2009-4581
Description
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:roseonlinecms:roseonlinecms:*:b1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:roseonlinecms:roseonlinecms:*:b1:*:*:*:*:*:*range: <=3
- (no CPE)range: <=3 B1
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/10793nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/37529nvdBroken LinkExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.org/0912-exploits/roseonlinecms-lfi.txtnvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/55207nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.