CVE-2002-1481

phpgb <= 1.20 - Unauthenticated Arbitrary PHP Code Execution via savesettings.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1481. PoCs published by ppp-design.

AI-analyzed exploit summary: This exploit demonstrates a PHP code injection vulnerability in phpGB by bypassing authentication and injecting malicious code into the guestbook configuration file (config.php) via the savesettings.php script. The injected code (e.g., phpinfo()) is executed when other scripts reference the configuration file.

Description

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ppp-design · text · webapps · php
https://www.exploit-db.com/exploits/21783

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: phpGB (version not specified)
No auth needed
Prerequisites: Access to the target's savesettings.php script · PHP code execution enabled on the server
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0076.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10065.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5679

Scores

EPSS 0.0718
EPSS Percentile 93.5%

Details

Status: published
Products (2): phpgb/phpgb 1.10, phpgb/phpgb 1.20
Published: Apr 22, 2003
Tracked Since: Feb 18, 2026