CVE-2005-0980

AlstraSoft EPay Pro 2.0 - Remote File Inclusion via Index.php View Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0980. PoCs published by Dcrab.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in EPay Pro 2.0, where the 'view' parameter can be manipulated to include and execute arbitrary remote scripts. The example URL demonstrates the attack vector but lacks executable code.

Description

PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dcrab · textwebappsphp

https://www.exploit-db.com/exploits/25327

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in EPay Pro 2.0, where the 'view' parameter can be manipulated to include and execute arbitrary remote scripts. The example URL demonstrates the attack vector but lacks executable code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: EPay Pro 2.0

No auth needed

Prerequisites: Access to the vulnerable 'index.php' endpoint · Ability to host a malicious script on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14802

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111247198021626&w=2

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12973

Scores

EPSS 0.0267

EPSS Percentile 83.8%

Details

Status published

Products (1)

alstrasoft/epay 2.0

Published May 02, 2005

Tracked Since Feb 18, 2026