CVE-2009-4223

Name of the Vulnerable Software and Affected Versions KR-Web versions 1.1b2 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT parameter. This can be exploited by providing a malicious URL, potentially leading to code execution on the vulnerable system.

Recommendations For KR-Web versions 1.1b2 and earlier, consider restricting access to the adm/krgourl.php file until a patch is available. As a temporary workaround, avoid using the DOCUMENT ROOT parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.