CVE-2010-3742

Free Simple CMS 1.0 - Remote Code Execution via Meta or PHPINCDIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3742. PoCs published by Dr.$audi.

AI-analyzed exploit summary This is a writeup describing an RFI (Remote File Inclusion) vulnerability in Free Simple Software V1.0. It provides URLs for exploitation but lacks actual exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dr.$audi · textwebappsphp

https://www.exploit-db.com/exploits/14672

View Code ZIP pw:eip

This is a writeup describing an RFI (Remote File Inclusion) vulnerability in Free Simple Software V1.0. It provides URLs for exploitation but lacks actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Free Simple Software V1.0

No auth needed

Prerequisites: vulnerable version of Free Simple Software V1.0 · ability to host a malicious shell script

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14672/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41001

Exploit x_refsource_misc

http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/67239

Scores

EPSS 0.0235

EPSS Percentile 81.6%

Details

CWE

CWE-94

Status published

Products (1)

dustincowell/free_simple_cms 1.0

Published Oct 05, 2010

Tracked Since Feb 18, 2026