CVE-2009-1025

Beerwin PHPLinkAdmin 1.0 - Remote Code Execution via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1025. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) and SQL Injection (SQLi) vulnerability in Beerwin's PHPLinkAdmin 1.0. The RFI allows arbitrary file inclusion via the 'page' parameter, while the SQLi enables database information extraction via the 'linkid' parameter.

Description

PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/8216

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) and SQL Injection (SQLi) vulnerability in Beerwin's PHPLinkAdmin 1.0. The RFI allows arbitrary file inclusion via the 'page' parameter, while the SQLi enables database information extraction via the 'linkid' parameter.

Classification

Working Poc 90%

Attack Type

Rce | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Beerwin's PHPLinkAdmin 1.0

No auth needed

Prerequisites: Network access to the target application · PHPLinkAdmin 1.0 installed and accessible

MITRE ATT&CK