CVE-2010-0975

PHPCityPortal - Remote Code Execution via external.php URL Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0975. PoCs published by R3d-D3V!L.

AI-analyzed exploit summary The document describes SQL injection and remote file inclusion vulnerabilities in PhpCityPortal software, providing specific URLs and parameters for exploitation. It includes technical details about the vulnerabilities but does not contain functional exploit code.

Description

PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by R3d-D3V!L · textwebappsphp

https://www.exploit-db.com/exploits/11678

View Code ZIP pw:eip

The document describes SQL injection and remote file inclusion vulnerabilities in PhpCityPortal software, providing specific URLs and parameters for exploitation. It includes technical details about the vulnerabilities but does not contain functional exploit code.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PhpCityPortal

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56812

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11678

Exploit x_refsource_misc

http://packetstormsecurity.org/1003-exploits/phpcityportal-sqlrfi.txt

Scores

EPSS 0.0299

EPSS Percentile 85.6%

Details

CWE

CWE-94

Status published

Products (1)

phpcityportal/phpcityportal

Published Mar 16, 2010

Tracked Since Feb 18, 2026