CVE-2009-4254

Name: CVE-2009-4254
Creator: NVD / NIST
Published: 2009-12-10T01:30:00.39+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.06%

Last modified Jun 16, 2026

CVE-2009-4254 is a vulnerability of currently unknown severity. PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.. EPSS estimates a 1.06% chance of exploitation in the next 30 days.

Description

PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to (1) edCss.inc.php, (2) foot.inc.php, (3) get_csscolors.inc.php, (4) head.inc.php, (5) head_stuff.inc.php, (6) loglist.inc.php, and (7) pphlogger_send.inc.php in include/, which reveals the installation path in an error message.

Metrics

EPSS Probability

1.06%

60.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Phpee	Pphlogger	2.2.5

References

Timeline

Published: Dec 10, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-4254?

How severe is CVE-2009-4254?

Severity scoring for CVE-2009-4254 is pending analysis. The EPSS model estimates a 1.06% probability of exploitation in the next 30 days.

How do I fix CVE-2009-4254?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-4254?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST