CVE-2020-10224

CRITICAL

PHPGurukul Online Book Store 1.0 - Unauthenticated Arbitrary File Upload via admin_add.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10224. PoCs published by Tib3rius.

AI-analyzed exploit summary: This exploit targets an unauthenticated file upload vulnerability in Online Book Store 1.0, allowing an attacker to upload a PHP web shell and execute arbitrary commands. The script automates the upload and provides an interactive shell if successful.

Description

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Tib3rius · python · webapps · php
https://www.exploit-db.com/exploits/47887

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Online Book Store 1.0
No auth needed
Prerequisites: Target URL · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): https://www.exploit-db.com/exploits/47887
Third Party Advisory (x_refsource_misc): https://tib3rius.com/cves.html

Scores

CVSS v3: 9.8
EPSS: 0.0547
EPSS Percentile: 91.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): phpgurukul/online_book_store 1.0
Published: Mar 08, 2020
Tracked Since: Feb 18, 2026