CVE-2002-1135
phpWebSite - Remote Code Execution via modsecurity.php inc_prefix Parameter
Title source: manualExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1135. PoCs published by Tim Vandermeersch.
AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in phpWebsite, allowing an attacker to include a malicious PHP file from a remote server. The PoC shows how an attacker can execute arbitrary commands by specifying a remote location for the htmlheader.php script.
Description
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
Exploits (1)
This exploit demonstrates a remote file inclusion vulnerability in phpWebsite, allowing an attacker to include a malicious PHP file from a remote server. The PoC shows how an attacker can execute arbitrary commands by specifying a remote location for the htmlheader.php script.