CVE-2008-0184

Sys-Hotel on Line System - Path Traversal via Encoded File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0184. PoCs published by p4imi0.

AI-analyzed exploit summary The exploit demonstrates a local file inclusion vulnerability in SysHotel On Line System by leveraging directory traversal via the 'file' parameter in index.php. This allows an attacker to read arbitrary files on the server, such as /etc/passwd, leading to information disclosure.

Description

Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by p4imi0 · textwebappsphp

https://www.exploit-db.com/exploits/31000

View Code ZIP pw:eip

The exploit demonstrates a local file inclusion vulnerability in SysHotel On Line System by leveraging directory traversal via the 'file' parameter in index.php. This allows an attacker to read arbitrary files on the server, such as /etc/passwd, leading to information disclosure.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SysHotel On Line System

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3528

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27184

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485940/100/0/threaded

Scores

EPSS 0.0213

EPSS Percentile 79.6%

Details

CWE

CWE-22

Status published

Products (1)

prenotazioni_on_line/syshotel_on_line_system

Published Jan 09, 2008

Tracked Since Feb 18, 2026