CVE-2015-2208

EXPLOITED

phpMoAdmin 1.1.2 - Remote Code Execution via Object Parameter

Title source: llm

Exploitation Summary

CVE-2015-2208 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits, from researchers including @u0x and ptantiku, one of which is the Metasploit module exploits/multi/http/phpmoadmin_exec.

AI-analyzed exploit summary: This exploit demonstrates an unauthorized remote code execution vulnerability in PHPMoAdmin via the 'object' POST parameter, which is evaluated as PHP code due to an unsafe 'eval' call in the 'saveObject' function.

Description

The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.

Exploits (3)

exploitdb WORKING POC
by @u0x · text · webapps · php
https://www.exploit-db.com/exploits/36251

This exploit demonstrates an unauthorized remote code execution vulnerability in PHPMoAdmin via the 'object' POST parameter, which is evaluated as PHP code due to an unsafe 'eval' call in the 'saveObject' function.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: PHPMoAdmin (version not specified)
No auth needed
Prerequisites: Access to the target's 'moadmin.php' endpoint
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by ptantiku · poc
https://github.com/ptantiku/cve-2015-2208

This repository contains a Dockerized environment and a simple curl command to exploit CVE-2015-2208, a command injection vulnerability in phpMoAdmin 1.1.2 via the 'object' parameter in moadmin.php.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: phpMoAdmin 1.1.2
No auth needed
Prerequisites: Docker · Access to the target phpMoAdmin instance
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmoadmin_exec.rb

This Metasploit module exploits a PHP command execution vulnerability in PHPMoAdmin 1.1.2 by injecting arbitrary PHP code via the 'object' parameter, leveraging a dangerous use of eval().

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: PHPMoAdmin 1.1.2
No auth needed
Prerequisites: Network access to the target application · PHPMoAdmin 1.1.2 installed and accessible
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Mar/19
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36251
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/04/4
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/04/5

Scores

EPSS 0.6218
EPSS Percentile 99.1%

Details

VulnCheck KEV 2020-12-01
CWE CWE-77
Status published
Products (1)
avinu/phpmoadmin 1.1.2
Published Mar 12, 2015
Tracked Since Feb 18, 2026