Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-5115. PoCs published by black hat.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in DirPHP version 1.0, allowing an attacker to read arbitrary files on the server by manipulating the 'phpfile' parameter in the URL.
Description
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by black hat · textwebappsphp
https://www.exploit-db.com/exploits/34173
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in DirPHP version 1.0, allowing an attacker to read arbitrary files on the server by manipulating the 'phpfile' parameter in the URL.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
DirPHP - Version 1.0
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/34173
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html
Scores
EPSS
0.0626
EPSS Percentile
92.7%
Details
CWE
CWE-22
Status
published
Products (1)
dirphp_project/dirphp
1.0
Published
Jul 29, 2014
Tracked Since
Feb 18, 2026