CVE-2008-0357

Galaxyscripts Mini File Host < 1.2.1 - Unauthenticated Path Traversal via Language Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0357. PoCs published by shinmai, Scary-Boys.

AI-analyzed exploit summary This Perl script exploits a Local File Inclusion (LFI) vulnerability in Mini File Host (1.2.1 and earlier) by uploading a PHP file and then executing it through a POST request. The exploit leverages the 'language' parameter in upload.php to include and execute the uploaded file.

Description

Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by shinmai · perlwebappsphp
https://www.exploit-db.com/exploits/4940

This Perl script exploits a Local File Inclusion (LFI) vulnerability in Mini File Host (1.2.1 and earlier) by uploading a PHP file and then executing it through a POST request. The exploit leverages the 'language' parameter in upload.php to include and execute the uploaded file.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini File Host 1.2.1 and earlier
No auth needed
Prerequisites: Network access to the target · PHP file to upload
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Scary-Boys · textwebappsphp
https://www.exploit-db.com/exploits/4930

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Mini File Host v1.2. The exploit details how to manipulate the 'language' parameter in the upload.php file to include arbitrary local files.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Mini File Host v1.2
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4930
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27327
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28504
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39799

Scores

EPSS 0.0235
EPSS Percentile 81.5%

Details

CWE
CWE-22
Status published
Products (1)
galaxyscripts/mini_file_host < 1.2.1
Published Jan 18, 2008
Tracked Since Feb 18, 2026