CVE-2010-2315

SmartISoft phpBazar 2.1.1 - Remote Code Execution via Picturelib.php Cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2315. PoCs published by Sid3^effects.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion (RFI) vulnerability in phpBazar V2.1.1. The vulnerability allows an attacker to include remote files via the 'cat' parameter in the 'picturelib.php' script.

Description

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.

Exploits (1)

exploitdb WRITEUP

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/12855

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion (RFI) vulnerability in phpBazar V2.1.1. The vulnerability allows an attacker to include remote files via the 'cat' parameter in the 'picturelib.php' script.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: phpBazar V2.1.1

No auth needed

Prerequisites: network access to the target server · phpBazar V2.1.1 installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/59127

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40546

Exploit, Third Party Advisory x_refsource_misc

http://www.exploit-db.com/exploits/12855/

Scores

EPSS 0.0582

EPSS Percentile 92.2%

Details

CWE

CWE-94

Status published

Products (1)

smartisoft/phpbazar 2.1.1

Published Jun 17, 2010

Tracked Since Feb 18, 2026