CVE-2005-2192

SimplePHPBlog 0.4.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2192.

AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in SimplePHPBlog v0.4.0, including arbitrary file upload, password hash retrieval, and file deletion. It demonstrates a full exploit chain to achieve remote command execution via uploaded PHP scripts.

Description

SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1191

View Code ZIP pw:eip

This Perl script exploits multiple vulnerabilities in SimplePHPBlog v0.4.0, including arbitrary file upload, password hash retrieval, and file deletion. It demonstrates a full exploit chain to achieve remote command execution via uploaded PHP scripts.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SimplePHPBlog v0.4.0

No auth needed

Prerequisites: Network access to the target · SimplePHPBlog v0.4.0 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15954

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112075901100640&w=2

Scores

EPSS 0.0406

EPSS Percentile 89.3%

Details

Status published

Products (1)

alexander_palmo/simple_php_blog 0.4.0

Published Jul 11, 2005

Tracked Since Feb 18, 2026