PHP Remote File Inclusion Vulnerability in Small Axe Weblog by Small Axe
CVE-2008-0376

Currently unrated

Key Information:

Vendor

Softpedia

Status
Small Axe Weblog
Vendor
CVE Published:
22 January 2008

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 21%

What is CVE-2008-0376?

A PHP remote file inclusion vulnerability exists in the Small Axe Weblog version 0.3.1, specifically in the inc/linkbar.php file. This security flaw allows remote attackers to execute arbitrary PHP code by manipulating the cfile parameter with a crafted URL. Successful exploitation can lead to full control over the affected system, potentially compromising sensitive data and overall functionality.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-0376 - Proof of Concept

References

http://secunia.com/advisories/28568
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/27345
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/39765
vdb-entryx_refsource_XF

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.