CVE-2005-2251

PHPSecurePages <= 0.28beta - Remote File Inclusion via cfgProgDir Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2251. PoCs published by D_7J.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in phpsecurepages. The vulnerability allows an attacker to include arbitrary remote files via the `cfgProgDir` parameter in `secure.php`.

Description

PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.

Exploits (1)

exploitdb WRITEUP VERIFIED
by D_7J · textwebappsphp
https://www.exploit-db.com/exploits/2452

This is a writeup describing a remote file inclusion vulnerability in phpsecurepages. The vulnerability allows an attacker to include arbitrary remote files via the `cfgProgDir` parameter in `secure.php`.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: phpsecurepages (all versions)
No auth needed
Prerequisites: Target must have phpsecurepages installed · Remote file inclusion must be enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2452
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29263
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15994
Exploit, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014410
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14201

Scores

EPSS 0.0494
EPSS Percentile 91.0%

Details

Status published
Products (18)
secure_reality/phpsecurepages 0.11_beta
secure_reality/phpsecurepages 0.12_beta
secure_reality/phpsecurepages 0.13_beta
secure_reality/phpsecurepages 0.14_beta
secure_reality/phpsecurepages 0.15_beta
secure_reality/phpsecurepages 0.16_beta
secure_reality/phpsecurepages 0.17_beta
secure_reality/phpsecurepages 0.18_beta
secure_reality/phpsecurepages 0.19_beta
secure_reality/phpsecurepages 0.20_beta
... and 8 more
Published Jul 13, 2005
Tracked Since Feb 18, 2026