CVE-2010-4878

Kontakt Formular 1.1 - Remote Code Execution via script_pfad Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4878. PoCs published by bd0rk.

AI-analyzed exploit summary The exploit describes a Remote File Inclusion (RFI) vulnerability in HINNENDAHL.COM Kontakt Formular 1.1 due to an uninitialized $script_pfad parameter in formmailer.php. An attacker can inject malicious PHP code via the script_pfad parameter to achieve remote code execution.

Description

PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by bd0rk · textwebappsphp

https://www.exploit-db.com/exploits/14809

View Code ZIP pw:eip

The exploit describes a Remote File Inclusion (RFI) vulnerability in HINNENDAHL.COM Kontakt Formular 1.1 due to an uninitialized $script_pfad parameter in formmailer.php. An attacker can inject malicious PHP code via the script_pfad parameter to achieve remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HINNENDAHL.COM Kontakt Formular 1.1

No auth needed

Prerequisites: Access to the vulnerable formmailer.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14809

Scores

EPSS 0.0210

EPSS Percentile 79.2%

Details

CWE

CWE-94

Status published

Products (1)

hinnendahl/kontakt_formular 1.1

Published Oct 07, 2011

Tracked Since Feb 18, 2026