CVE-2008-6543

ComScripts Quick Classifieds 1.0 - Remote File Inclusion via DOCUMENT_ROOT Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 36 public exploits for CVE-2008-6543. PoCs published by ZoRLu.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc.

Exploits (36)

exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31514

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Target application must be running Quick Classifieds 1.0 · Remote file inclusion must be enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31481

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data in the 'DOCUMENT_ROOT' parameter allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31480

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31513

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target application's path structure
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31511

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter in sendit2.php3. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31510

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · File inclusion vulnerability in the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31512

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0 due to insufficient sanitization of user-supplied data. The example URL demonstrates how an attacker could exploit this by manipulating the DOCUMENT_ROOT parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · The vulnerable parameter must be accessible and unsanitized
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31509

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by manipulating the DOCUMENT_ROOT parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · The vulnerable parameter (DOCUMENT_ROOT) must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31508

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the exploitation vector but lacks executable code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31507

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31506

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by manipulating the DOCUMENT_ROOT parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the target URL · Knowledge of the application's path structure
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31505

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter to include an arbitrary file (ZoRLu.txt). The vulnerability arises from insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the target URL · Ability to host a malicious file (ZoRLu.txt) on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31504

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter to include an arbitrary file (ZoRLu.txt). The vulnerability arises from insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the target URL · Ability to host a malicious file (ZoRLu.txt) on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31502

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter to include an arbitrary file (ZoRLu.txt). The vulnerability arises from insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Target application must be running Quick Classifieds 1.0 · Remote file inclusion must be enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31501

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the exploitation vector but lacks executable code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31500

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter in createHomepage.php3. The lack of input sanitization allows an attacker to include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Remote file hosting for malicious payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31499

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Vulnerable version of Quick Classifieds
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31498

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter in createdb.php3. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31497

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 due to insufficient sanitization of the DOCUMENT_ROOT parameter in color_help.php3. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31496

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by manipulating the DOCUMENT_ROOT parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31494

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter in alterHomepage.php3. The vulnerability allows an attacker to include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Remote file hosting for malicious payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31493

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31492

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by injecting a malicious file path via the DOCUMENT_ROOT parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running Quick Classifieds 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31491

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the DOCUMENT_ROOT parameter. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft a malicious URL with a remote or local file path
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31490

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by injecting a malicious file path via the DOCUMENT_ROOT parameter.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31489

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter in update.php3. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Target application must have allow_url_include enabled in PHP configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31488

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31487

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates how an attacker could exploit this by injecting a malicious path via the DOCUMENT_ROOT parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft a malicious URL with arbitrary file inclusion
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31486

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running Quick Classifieds 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31485

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running Quick Classifieds 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31484

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 due to insufficient sanitization of the DOCUMENT_ROOT parameter. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31483

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31482

This exploit demonstrates a remote file inclusion vulnerability in Quick Classifieds 1.0 by manipulating the DOCUMENT_ROOT parameter to include an arbitrary file (ZoRLu.txt). The vulnerability arises from insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Target application must be running Quick Classifieds 1.0 · Remote file inclusion must be enabled on the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31503

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31495

The provided text describes a remote file inclusion vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running a vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textremotephp
https://www.exploit-db.com/exploits/31479

The provided text describes a remote file-include vulnerability in Quick Classifieds 1.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Quick Classifieds 1.0
No auth needed
Prerequisites: Network access to the target application · Target application running Quick Classifieds 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42469
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28417

Scores

EPSS 0.0254
EPSS Percentile 82.9%

Details

CWE
CWE-94
Status published
Products (1)
comscripts/quick_classifieds 1.0
Published Mar 30, 2009
Tracked Since Feb 18, 2026