CVE-2010-1299

dynpg < 4.1.0 - Remote Code Execution via PHP File Inclusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1299. PoCs published by eidelweiss.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in DynPG CMS v4.1.0, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) due to improper input validation and insecure file inclusion practices. The PoC provides specific URLs to exploit these vulnerabilities under certain PHP configurations (register_globals=On, magic_quotes=Off).

Description

Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC
by eidelweiss · textwebappsphp
https://www.exploit-db.com/exploits/12018

This exploit demonstrates multiple vulnerabilities in DynPG CMS v4.1.0, including Remote File Inclusion (RFI) and Local File Inclusion (LFI) due to improper input validation and insecure file inclusion practices. The PoC provides specific URLs to exploit these vulnerabilities under certain PHP configurations (register_globals=On, magic_quotes=Off).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DynPG CMS v4.1.0
No auth needed
Prerequisites: register_globals=On · magic_quotes=Off · access to vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by eidelweiss · textwebappsphp
https://www.exploit-db.com/exploits/11994

This exploit demonstrates multiple remote file inclusion (RFI) and local file inclusion (LFI) vulnerabilities in DynPG CMS v4.1.0. The PoC provides specific endpoints and parameters that can be manipulated to include arbitrary files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DynPG CMS v4.1.0
No auth needed
Prerequisites: Network access to the target application · Ability to craft HTTP requests with malicious parameters
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11994
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39185
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510477/100/0/threaded
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39168
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/63415

Scores

EPSS 0.1073
EPSS Percentile 95.3%

Details

CWE
CWE-94
Status published
Products (1)
dynpg/dynpg < 4.1.0
Published Apr 07, 2010
Tracked Since Feb 18, 2026