EXPLOITDB-EDB-7400

EXPLOITDB text VERIFIED WORKING POC

Exploit for CVE-2008-5566 - Triangle Solutions PHP Multiple Newsletters 2.7 - XSS

AI Analysis

The exploit demonstrates a Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerability in PHP_Multiple_Newsletters v2.7. The LFI occurs due to unsanitized user input in the 'lang' parameter, while the XSS is triggered via improper handling of user input in the URL.

Attack Type

XSS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type webapps

Platform php

Language text

Files 1

https://www.exploit-db.com/exploits/7400

Authors

ahmadbady

Vulnerability

CVE-2008-5566

Triangle Solutions PHP Multiple Newsletters 2.7 - XSS