CVE-2008-0167
GForge - Unspecified Impact via Configuration File Truncation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0167.
AI-analyzed exploit summary: This exploit demonstrates a remote file inclusion vulnerability in phpQLAdmin 2.2.7 by manipulating the `_SESSION[path]` parameter in `ezmlm.php` and `update_translations.php` to include a remote shell. The attack leverages improper input validation to execute arbitrary code.
Description
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.