CVE-2002-2298

Atthat.com Thatware < 0.5.3 - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/2166

View Code ZIP pw:eip

References (3)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html

[Exploit] http://securitytracker.com/id?1005733

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10758

Scores

EPSS 0.0293

EPSS Percentile 86.5%

Details

CWE

CWE-94

Status published

Products (1)

atthat.com/thatware < 0.5.3

Published Dec 31, 2002

Tracked Since Feb 18, 2026