CVE-2009-0517

phpslash <= 0.8.1.1 - Remote Code Execution via Fields Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0517. PoCs published by DarkFig.

AI-analyzed exploit summary This exploit targets a remote code execution vulnerability in phpslash <= 0.8.1.1 by injecting malicious PHP code via the 'fields' parameter. It bypasses single quotes and magic_quotes_gpc to execute arbitrary commands on the target system.

Description

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DarkFig · phpwebappsphp
https://www.exploit-db.com/exploits/7948

This exploit targets a remote code execution vulnerability in phpslash <= 0.8.1.1 by injecting malicious PHP code via the 'fields' parameter. It bypasses single quotes and magic_quotes_gpc to execute arbitrary commands on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: phpslash <= 0.8.1.1
No auth needed
Prerequisites: Target must be running phpslash <= 0.8.1.1 · PHP must be installed on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33717
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33572
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48441
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7948
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51727
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500664/100/0/threaded

Scores

EPSS 0.4527
EPSS Percentile 98.6%

Details

CWE
CWE-94
Status published
Products (11)
phpslash/phpslash
phpslash/phpslash 0.5.3.2
phpslash/phpslash 0.6
phpslash/phpslash 0.6.1
phpslash/phpslash 0.6.2
phpslash/phpslash 0.7.1
phpslash/phpslash 0.7.2
phpslash/phpslash 0.8.0
phpslash/phpslash 0.8.1
phpslash/phpslash 0.61
... and 1 more
Published Feb 11, 2009
Tracked Since Feb 18, 2026