CVE-2003-0395

Ultimate PHP Board 1.9 - Remote Code Execution via User-Agent Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0395. PoCs published by euronymous.

AI-analyzed exploit summary This exploit demonstrates a log poisoning vulnerability in Ultimate PHP Board where arbitrary PHP code can be injected via the User-Agent header. The payload is executed when an administrator views the log file via 'admin_iplog.php'.

Description

Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by euronymous · textwebappsphp

https://www.exploit-db.com/exploits/22642

View Code ZIP pw:eip

This exploit demonstrates a log poisoning vulnerability in Ultimate PHP Board where arbitrary PHP code can be injected via the User-Agent header. The payload is executed when an administrator views the log file via 'admin_iplog.php'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ultimate PHP Board

No auth needed

Prerequisites: Access to the target web server · Administrator interaction to view the log file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link x_refsource_misc

http://f0kp.iplus.ru/bz/024.en.txt

Third Party Advisory mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105379741528925&w=2

Scores

EPSS 0.0253

EPSS Percentile 82.9%

Details

CWE

CWE-94

Status published

Products (1)

myupb/ultimate_php_board 1.9

Published Jul 02, 2003

Tracked Since Feb 18, 2026