AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2009-2378: PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to e

infovulnerability

security

Source: NVD/CVE DatabaseJuly 8, 2009CVE-2009-2378

Summary

CVE-2009-2378 is a remote file inclusion vulnerability (a flaw that lets attackers load files from external URLs into a web application) in Jax FormMailer version 3.0.0. An attacker can exploit this by manipulating the BASE_DIR[jax_formmailer] parameter to execute arbitrary PHP code (unauthorized commands written in the PHP programming language) on the affected server.

Vulnerability Details

CVSS Score

7.5

EPSS (30-day exploit probability)

EPSS: 0.5%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-94

CAPEC (Attack Pattern)

CAPEC-242

Original source: https://nvd.nist.gov/vuln/detail/CVE-2009-2378

First tracked: February 15, 2026 at 08:43 PM

Classified by LLM (prompt v3) · confidence: 95%