CVE-2013-1744

CRITICAL

iris_citations_management_tool < 1.3 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1744. PoCs published by aeon.

AI-analyzed exploit summary This exploit targets a preg_replace code execution vulnerability in phpwcms <= v1.5.4.6. It authenticates as a backend user, injects malicious code via a crafted article, and triggers remote code execution by leveraging the /e modifier in preg_replace.

Description

IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by aeon · phpwebappsphp

https://www.exploit-db.com/exploits/23448

View Code ZIP pw:eip

This exploit targets a preg_replace code execution vulnerability in phpwcms <= v1.5.4.6. It authenticates as a backend user, injects malicious code via a crafted article, and triggers remote code execution by leveraging the /e modifier in preg_replace.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpwcms <= v1.5.4.6

Auth required

Prerequisites: Valid backend/admin credentials · Access to the login page and article creation functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

http://infosecabsurdity.wordpress.com/research/isa-2013-002/

Scores

CVSS v3 9.8

EPSS 0.1952

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

iris_citations_management_tool_project/iris_citations_management_tool < 1.3

Published Jan 25, 2020

Tracked Since Feb 18, 2026