CVE-2003-1405

DotBr 0.1 - Remote Command Execution via cmd Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-1405. PoCs published by frog.

AI-analyzed exploit summary The exploit describes a remote command execution vulnerability in DotBr's 'system.php3' script due to insufficient input sanitization. It provides a URL example for exploitation but lacks actual PoC code.

Description

DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.

Exploits (2)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22253

View Code ZIP pw:eip

The exploit describes a remote command execution vulnerability in DotBr's 'system.php3' script due to insufficient input sanitization. It provides a URL example for exploitation but lacks actual PoC code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: DotBr system.php3

No auth needed

Prerequisites: Access to the vulnerable 'system.php3' script

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22254

View Code ZIP pw:eip

The exploit demonstrates a remote command execution vulnerability in DotBr's 'exec.php3' script due to insufficient input sanitization. An attacker can execute arbitrary shell commands by appending them to the 'cmd' parameter in the URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: DotBr exec.php3

No auth needed

Prerequisites: Access to the vulnerable 'exec.php3' script

MITRE ATT&CK