CVE-2002-1878
w-agora 4.1.3 - Remote Code Execution via inc_dir Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1878. PoCs published by frog.
AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in W-Agora, allowing an attacker to include arbitrary remote files via the 'inc_dir' parameter. If the included file is a PHP script, it can lead to remote code execution (RCE).
Description
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/21529
This exploit demonstrates a file inclusion vulnerability in W-Agora, allowing an attacker to include arbitrary remote files via the 'inc_dir' parameter. If the included file is a PHP script, it can lead to remote code execution (RCE).
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
W-Agora (version not specified)
No auth needed
Prerequisites:
Target must have W-Agora installed with vulnerable configuration · Remote file inclusion must be enabled on the server
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4977
Patch vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9317.php
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
Exploit x_refsource_misc
http://www.ifrance.com/kitetoua/tuto/W-Agora.txt
Scores
EPSS
0.0256
EPSS Percentile
83.0%
Details
Status
published
Products (3)
w-agora/w-agora
4.1.1
w-agora/w-agora
4.1.2
w-agora/w-agora
4.1.3
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026