CVE-2008-0488

VB Marketing - Path Traversal via tseekdir.cgi Location Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0488. PoCs published by Sw33t h4cK3r.

AI-analyzed exploit summary The provided text describes a local file inclusion vulnerability in VB Marketing due to improper input sanitization. An attacker can exploit this using directory traversal strings to access sensitive files like /etc/passwd.

Description

Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sw33t h4cK3r · textwebappscgi
https://www.exploit-db.com/exploits/31071

The provided text describes a local file inclusion vulnerability in VB Marketing due to improper input sanitization. An attacker can exploit this using directory traversal strings to access sensitive files like /etc/passwd.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: VB Marketing (version unspecified)
No auth needed
Prerequisites: Network access to the vulnerable CGI script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39970
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3596
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27475
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487174/100/0/threaded

Scores

EPSS 0.0233
EPSS Percentile 81.4%

Details

CWE
CWE-22
Status published
Products (1)
vb_marketing/vb_marketing
Published Jan 30, 2008
Tracked Since Feb 18, 2026