CVE-2011-5147

FreeWebshop < 2.2.9 - Remote Code Execution via Ajax File Manager

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5147. PoCs published by EgiX.

AI-analyzed exploit summary: This exploit leverages a vulnerability in FreeWebshop's ajax_save_name.php to manipulate the $selectedDocuments array, leading to arbitrary PHP code execution via the writeInfo function. It establishes a remote shell by injecting malicious PHP code into data.php.

Description

Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/18121

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FreeWebshop <= 2.2.9 R2
No auth needed
Prerequisites: Network access to the target · PHP and relevant extensions enabled on the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
http://www.exploit-db.com/exploits/18121
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_osvdb
http://www.osvdb.org/77162

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE: CWE-94
Status: published
Products (11)
freewebshop/freewebshop 2.1
freewebshop/freewebshop 2.2.1
freewebshop/freewebshop 2.2.2
freewebshop/freewebshop 2.2.3
freewebshop/freewebshop 2.2.4
freewebshop/freewebshop 2.2.5
freewebshop/freewebshop 2.2.6
freewebshop/freewebshop 2.2.7
freewebshop/freewebshop 2.2.7_wip1_2
freewebshop/freewebshop 2.2.9
... and 1 more
Published Aug 31, 2012
Tracked Since Feb 18, 2026