Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4222. PoCs published by kurdish hackers team.
AI-analyzed exploit summary
This is a writeup describing an unauthenticated access vulnerability in phpBazar-2.1.1fix's admin panel. The exploit simply points to the admin.php URL, which is accessible without authentication.
Description
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by kurdish hackers team · text · webapps · php
https://www.exploit-db.com/exploits/10233
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
phpBazar-2.1.1fix
No auth needed
Prerequisites:
none
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/phpbazar-access.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37132
Scores
EPSS
0.0220
EPSS Percentile
80.2%
Details
CWE
CWE-264
Status
published
Products (4)
smartisoft/phpbazar 2.0.2
smartisoft/phpbazar 2.1.0
smartisoft/phpbazar 2.1.1fix
smartisoft/phpbazar < 2.1.1
Published
Dec 07, 2009
Tracked Since
Feb 18, 2026