CVE-2009-0610

Simple PHP News 1.0 final - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0610.

AI-analyzed exploit summary This Perl script exploits a remote command execution vulnerability in Simple PHP News 1.0 Final by injecting malicious PHP code into the 'post' parameter, which is then executed via the 'display.php' script. The exploit establishes a shell-like interface for command execution on the target system.

Description

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
perlwebappsphp
https://www.exploit-db.com/exploits/7999

This Perl script exploits a remote command execution vulnerability in Simple PHP News 1.0 Final by injecting malicious PHP code into the 'post' parameter, which is then executed via the 'display.php' script. The exploit establishes a shell-like interface for command execution on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Simple PHP News 1.0 Final
No auth needed
Prerequisites: Magic Quotes must be disabled on the target server · Target must be running Simple PHP News 1.0 Final
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33814

Scores

EPSS 0.0482
EPSS Percentile 90.8%

Details

CWE
CWE-94
Status published
Products (1)
dminnich/simple_php_news 1.0
Published Feb 17, 2009
Tracked Since Feb 18, 2026