CVE-2009-0251

Ryneezy phoSheezy 0.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0251. PoCs published by Osirys.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Description

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7780

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Phosheezy 2.0

No auth needed

Prerequisites: Target must be running Phosheezy 2.0 with accessible admin interface · Network access to the target web server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4935

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/51412

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7780

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33531

Scores

EPSS 0.0556

EPSS Percentile 91.8%

Details

CWE

CWE-94

Status published

Products (1)

ryneezy/phosheezy 0.2

Published Jan 22, 2009

Tracked Since Feb 18, 2026