CVE-2002-0953

EXPLOITED

PHP Address <0.2f - RCE

Title source: llm

Description

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tim Vandermeerch · textwebappsphp

https://www.exploit-db.com/exploits/21564

View Code ZIP pw:eip

References (4)

[Exploit] http://www.iss.net/security_center/static/9379.php

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/5039

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/277987

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html

Scores

EPSS 0.0642

EPSS Percentile 91.1%

Details

VulnCheck KEV 2024-09-19

Status published

Products (1)

php_address/php_address 0.2e

Published Oct 04, 2002

Tracked Since Feb 18, 2026