CVE-2009-3065

Rein Velt Vedit - Code Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3065. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Ve-EDIT v0.1.4. The PoC shows how an attacker can include a remote file (e.g., c99.txt) via the 'highlighter' parameter in the 'edit_htmlarea.php' script.

Description

PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RoMaNcYxHaCkEr · textwebappsphp

https://www.exploit-db.com/exploits/9577

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in Ve-EDIT v0.1.4. The PoC shows how an attacker can include a remote file (e.g., c99.txt) via the 'highlighter' parameter in the 'edit_htmlarea.php' script.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Ve-EDIT v0.1.4

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2522

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9577

Scores

EPSS 0.0219

EPSS Percentile 80.1%

Details

CWE

CWE-94

Status published

Products (1)

rein_velt/vedit 01.4

Published Sep 03, 2009

Tracked Since Feb 18, 2026