CVE-2009-0643

Simple PHP News 1.0 - Code Injection

Title source: llm

Description

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Osirys · perlwebappsphp
https://www.exploit-db.com/exploits/7999

References (5)

Scores

EPSS 0.0480
EPSS Percentile 89.5%

Details

CWE
CWE-94
Status published
Products (1)
dminnich/simple_php_news 1.0
Published Feb 20, 2009
Tracked Since Feb 18, 2026