CVE-2003-1256

E-theni - Remote Code Execution via rep_include Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1256. PoCs published by frog.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in E-theni's 'aff_liste_langue.php' script, which allows arbitrary command execution by manipulating the 'rep_include' parameter to include a malicious remote file.

Description

aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/22293

This is a writeup describing a remote file inclusion vulnerability in E-theni's 'aff_liste_langue.php' script, which allows arbitrary command execution by manipulating the 'rep_include' parameter to include a malicious remote file.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: E-theni (version not specified)
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on an attacker-controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11013.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6970
Exploit, Patch mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/305381
Exploit, Patch mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html

Scores

EPSS 0.0484
EPSS Percentile 90.9%

Details

Status published
Products (1)
e-theni/e-theni
Published Dec 31, 2003
Tracked Since Feb 18, 2026