CVE-2008-0545

Bubbling Library 1.32 - Path Traversal via URI or Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0545. PoCs published by Stack.

AI-analyzed exploit summary This is a writeup detailing multiple Local File Inclusion (LFI) vulnerabilities in the bubbling library v1.32. It provides example URLs to exploit the vulnerabilities but does not include executable code.

Description

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stack · textwebappsphp
https://www.exploit-db.com/exploits/4991

This is a writeup detailing multiple Local File Inclusion (LFI) vulnerabilities in the bubbling library v1.32. It provides example URLs to exploit the vulnerabilities but does not include executable code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: bubbling library v1.32
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39969
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27466
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4991
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0347

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE
CWE-22
Status published
Products (1)
bubbling_library/bubbling_library 1.32
Published Feb 01, 2008
Tracked Since Feb 18, 2026