CVE-2008-0433

Agares phpAutoVideo < 2.21 - Remote Code Execution via Loadpage Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0433. PoCs published by H-T Team.

AI-analyzed exploit summary The provided text describes a remote file inclusion (RFI) and cross-site scripting (XSS) vulnerability in phpAutoVideo 2.21. It includes a URL example demonstrating how an attacker could exploit the RFI vulnerability by injecting a shell via the 'loadpage' parameter.

Description

PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.

Exploits (1)

exploitdb WRITEUP VERIFIED

by H-T Team · textwebappsphp

https://www.exploit-db.com/exploits/31037

View Code ZIP pw:eip

The provided text describes a remote file inclusion (RFI) and cross-site scripting (XSS) vulnerability in phpAutoVideo 2.21. It includes a URL example demonstrating how an attacker could exploit the RFI vulnerability by injecting a shell via the 'loadpage' parameter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: phpAutoVideo 2.21

No auth needed

Prerequisites: Target application must be running phpAutoVideo 2.21 or an affected version · Remote file inclusion must be enabled on the server

MITRE ATT&CK