CVE-2002-1887

phpMyNewsletter 0.6.10 - Remote File Inclusion via Customize.php l Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-1887. PoCs published by frog-m@n, frog.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in phpMyNewsletter 0.6.10, allowing remote attackers to include arbitrary files or execute PHP code via the 'l' parameter in customize.php.

Description

PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by frog-m@n · htmlwebappsphp

https://www.exploit-db.com/exploits/3658

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in phpMyNewsletter 0.6.10, allowing remote attackers to include arbitrary files or execute PHP code via the 'l' parameter in customize.php.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpMyNewsletter 0.6.10

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on an attacker-controlled server

MITRE ATT&CK

T1189 - Drive-by Compromise T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21905

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in phpMyNewsLetter's 'customize.php' script, allowing remote command execution or local file disclosure via attacker-controlled input.

Classification

Working Poc 90%

Attack Type

Rce | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: phpMyNewsLetter (version not specified)

No auth needed

Prerequisites: Access to the target web server · Ability to host a remote file or control local file paths

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5886

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/7220

Patch vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10288.php

Scores

EPSS 0.0301

EPSS Percentile 85.6%

Details

Status published

Products (1)

gregory_kokanosky/phpmynewsletter 0.6.10

Published Dec 31, 2002

Tracked Since Feb 18, 2026