CVE-2009-0610

Simple PHP News 1.0 final - Code Injection

Title source: llm

Description

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
perlwebappsphp
https://www.exploit-db.com/exploits/7999

References (2)

Scores

EPSS 0.0361
EPSS Percentile 87.8%

Details

CWE
CWE-94
Status published
Products (1)
dminnich/simple_php_news 1.0
Published Feb 17, 2009
Tracked Since Feb 18, 2026