CVE-2005-2633

PHPTB Topic Board < 2.0 - Remote PHP File Inclusion via absolutepath Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2005-2633. PoCs published by Filip Groszynski.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in PHPTB, where unsanitized user input allows arbitrary script execution. The example URL demonstrates the attack vector but lacks executable code.

Description

Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.

Exploits (5)

exploitdb WRITEUP VERIFIED
by Filip Groszynski · textwebappsphp
https://www.exploit-db.com/exploits/26166

The provided text describes a remote file inclusion vulnerability in PHPTB, where unsanitized user input allows arbitrary script execution. The example URL demonstrates the attack vector but lacks executable code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPTB (version not specified)
No auth needed
Prerequisites: Web server with PHPTB installed · Remote file inclusion enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Filip Groszynski · textwebappsphp
https://www.exploit-db.com/exploits/26165

The provided text describes a remote file inclusion vulnerability in PHPTB due to improper input sanitization. It allows arbitrary server-side script execution via manipulated 'absolutepath' parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPTB (version not specified)
No auth needed
Prerequisites: Web server with PHPTB installed · Remote file inclusion enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Filip Groszynski · textwebappsphp
https://www.exploit-db.com/exploits/26164

The provided text describes a remote file inclusion vulnerability in PHPTB due to improper input sanitization. It allows arbitrary server-side script execution with web server privileges but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPTB (version not specified)
No auth needed
Prerequisites: Web server with vulnerable PHPTB installation · Ability to host malicious script on attacker-controlled server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Filip Groszynski · textwebappsphp
https://www.exploit-db.com/exploits/26163

The provided text describes a remote file inclusion vulnerability in PHPTB due to improper input sanitization. It allows arbitrary server-side script execution with web server privileges but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPTB (version not specified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled remote server hosting malicious script
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Filip Groszynski · textwebappsphp
https://www.exploit-db.com/exploits/26162

The provided text describes a remote file inclusion vulnerability in PHPTB due to improper input sanitization. An attacker can exploit this to execute arbitrary server-side script code by manipulating the 'absolutepath' parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPTB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable PHPTB application · Ability to host malicious script on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112431407619802&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16492
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14592

Scores

EPSS 0.0290
EPSS Percentile 85.1%

Details

Status published
Products (1)
phptb/topic_boards < 2.0
Published Aug 23, 2005
Tracked Since Feb 18, 2026