CVE-2005-1870

Popper <= 1.41-r2 - Remote File Inclusion via childwindow.inc.php Form Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1870. PoCs published by Leon Juranic.

AI-analyzed exploit summary The code describes a remote file inclusion vulnerability in Popper due to improper input sanitization. An attacker can exploit this to execute arbitrary server-side script code by manipulating the 'form' parameter in the URL.

Description

PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Leon Juranic · textwebappsphp

https://www.exploit-db.com/exploits/25788

View Code ZIP pw:eip

The code describes a remote file inclusion vulnerability in Popper due to improper input sanitization. An attacker can exploit this to execute arbitrary server-side script code by manipulating the 'form' parameter in the URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Popper (version not specified)

No auth needed

Prerequisites: Access to the target URL · Ability to host malicious script on an external server

MITRE ATT&CK