CVE-2010-4914
PHP Classifieds 7.3 - Remote Code Execution via lang_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4914. PoCs published by alsa7r.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in PHP Classifieds v7.3. The vulnerability arises from the `SetLanguage` function in `class.phpmailer.php`, which includes a file path controlled by the `lang_path` parameter without proper validation.
Description
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in PHP Classifieds v7.3. The vulnerability arises from the `SetLanguage` function in `class.phpmailer.php`, which includes a file path controlled by the `lang_path` parameter without proper validation.