CVE-2002-2249

PHP Evolution News Evolution - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/22048

References (3)

Scores

EPSS 0.0259
EPSS Percentile 85.4%

Classification

CWE
CWE-94
Status draft

Affected Products (2)

php_evolution/news_evolution
php_evolution/news_evolution

Timeline

Published Dec 31, 2002
Tracked Since Feb 18, 2026