CVE-2009-0275

Ryneezy phoSheezy 0.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0275. PoCs published by Osirys.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Description

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7780

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Phosheezy 2.0

No auth needed

Prerequisites: Target must be running Phosheezy 2.0 with accessible admin interface · Network access to the target web server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/51412

Exploit third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33531

Scores

EPSS 0.0465

EPSS Percentile 90.6%

Details

CWE

CWE-94

Status published

Products (1)

ryneezy/phosheezy 0.2

Published Jan 26, 2009

Tracked Since Feb 18, 2026