CVE-2005-2412

PHP FirstPost - Remote File Inclusion via Include Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2412.

AI-analyzed exploit summary: This is a functional remote file inclusion (RFI) exploit for PhpFirstPost 0.1, leveraging a vulnerable 'Include' parameter in 'block.php' to execute arbitrary PHP code from a remote server. The exploit uses JavaScript to construct and submit a malicious request to the target.

Description

PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.

Exploits (1)

exploitdb WORKING POC
html · webapps · php
https://www.exploit-db.com/exploits/3906

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: PhpFirstPost 0.1
No auth needed
Prerequisites: Target must have PhpFirstPost 0.1 installed · Remote PHP shell must be accessible
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21513
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112230599222543&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18394
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014563
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14371

Scores

EPSS 0.0320
EPSS Percentile 87.3%

Details

Status: published
Products (1): php_firstpost/php_firstpost
Published: Aug 03, 2005
Tracked Since: Feb 18, 2026