CVE-2002-2200

Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection

Title source: llm

Description

Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.

Exploits (4)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21967

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21969

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21970

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21968

View Code ZIP pw:eip

References (3)

[Mailing List] http://seclists.org/lists/bugtraq/2002/Oct/0397.html

[Third Party Advisory] http://www.iss.net/security_center/static/10492.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6057

Scores

EPSS 0.0335

EPSS Percentile 87.1%

Classification

Status draft

Affected Products (5)

benjamin_lefevre/dobermann_forum

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026