CVE-2002-2200

Benjamin Lefevre Dobermann FORUM 0.5 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2002-2200. PoCs published by frog.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in Dobermann Forum, where the 'subpath' parameter in newtopic.php can be manipulated to include arbitrary remote files. The attack leverages improper input validation to execute remote PHP scripts.

Description

Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.

Exploits (4)

exploitdb WORKING POC VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/21970

This exploit demonstrates a file inclusion vulnerability in Dobermann Forum, where the 'subpath' parameter in newtopic.php can be manipulated to include arbitrary remote files. The attack leverages improper input validation to execute remote PHP scripts.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Dobermann Forum (version not specified)
No auth needed
Prerequisites: Network access to the target server · Remote PHP file hosted by the attacker
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/21969

This exploit demonstrates a file inclusion vulnerability in Dobermann Forum by manipulating the 'subpath' parameter to include arbitrary remote files. The attack leverages improper input validation to execute remote PHP scripts.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Dobermann Forum (version not specified)
No auth needed
Prerequisites: Remote server hosting malicious PHP script · Target server with vulnerable Dobermann Forum installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/21968

The exploit describes a file inclusion vulnerability in Dobermann Forum, where the 'subpath' parameter in 'enteteacceuil.php' can be manipulated to include arbitrary remote files. This is a classic remote file inclusion (RFI) vulnerability.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Dobermann Forum (version not specified)
No auth needed
Prerequisites: Remote file hosting server · Target server with vulnerable Dobermann Forum installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/21967

The exploit describes a remote file inclusion vulnerability in Dobermann Forum, where an attacker can include arbitrary files from a remote server by manipulating the 'subpath' parameter in specific PHP scripts. This is achieved by supplying a URL to a remote file as the value for the 'subpath' parameter.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Dobermann Forum (version not specified)
No auth needed
Prerequisites: Access to the target server · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2002/Oct/0397.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6057
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10492.php

Scores

EPSS 0.0712
EPSS Percentile 93.4%

Details

Status published
Products (5)
benjamin_lefevre/dobermann_forum 0.1
benjamin_lefevre/dobermann_forum 0.2
benjamin_lefevre/dobermann_forum 0.3
benjamin_lefevre/dobermann_forum 0.4
benjamin_lefevre/dobermann_forum 0.5
Published Dec 31, 2002
Tracked Since Feb 18, 2026