PHP Remote File Inclusion Vulnerability in Multi SEO by phpBB
CVE-2008-6377

Currently unrated

Key Information:

Vendor

PHPbb-seo

Status
Multi Seo PHPbb
Vendor
CVE Published:
2 March 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2008-6377?

A PHP remote file inclusion vulnerability exists in the Multi SEO plugin for phpBB version 1.1.0. This flaw allows remote attackers to execute arbitrary PHP code on the server by manipulating the 'pfad' parameter within the 'include/global.php' file, potentially compromising sensitive data and server integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-6377 - Proof of Concept

References

http://www.securityfocus.com/bid/32619
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/47069
vdb-entryx_refsource_XF
https://www.exploit-db.com/exploits/7335
exploitx_refsource_EXPLOIT-DB

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.