CVE-2009-0610

Simple PHP News 1.0 final - Code Injection

Title source: llm

Description

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
perlwebappsphp
https://www.exploit-db.com/exploits/7999

References (2)

Scores

EPSS 0.0248
EPSS Percentile 85.1%

Classification

CWE
CWE-94
Status draft

Affected Products (1)

dminnich/simple_php_news

Timeline

Published Feb 17, 2009
Tracked Since Feb 18, 2026