CVE-2008-0149

TUTOS 1.3 - Information Exposure via phpinfo.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0149. PoCs published by Houssamix.

AI-analyzed exploit summary The exploit demonstrates a command execution vulnerability in TUTOS version 1.3 via an unauthenticated endpoint. The PoC shows direct command injection through the 'cmd' parameter in the admin interface without requiring authentication.

Description

TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Houssamix · textwebappsphp

https://www.exploit-db.com/exploits/4861

View Code ZIP pw:eip

The exploit demonstrates a command execution vulnerability in TUTOS version 1.3 via an unauthenticated endpoint. The PoC shows direct command injection through the 'cmd' parameter in the admin interface without requiring authentication.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TUTOS 1.3

No auth needed

Prerequisites: Access to the target web server · TUTOS 1.3 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28291

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4861

Scores

EPSS 0.0754

EPSS Percentile 93.7%

Details

Status published

Products (1)

tutos/tutos 1.3

Published Jan 09, 2008

Tracked Since Feb 18, 2026