CVE-2008-0645

Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-0645. PoCs published by Psiczn.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Portail Web Php 2.5.1.1, where unsanitized user input in the 'site_path' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Description

Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (4)

exploitdb WRITEUP VERIFIED
by Psiczn · textwebappsphp
https://www.exploit-db.com/exploits/31110

The provided text describes a remote file inclusion vulnerability in Portail Web Php 2.5.1.1, where unsanitized user input in the 'site_path' parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Portail Web Php 2.5.1.1
No auth needed
Prerequisites: Network access to the target application · Target application must have allow_url_include enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Psiczn · textwebappsphp
https://www.exploit-db.com/exploits/31108

The provided text describes a remote file inclusion vulnerability in Portail Web Php 2.5.1.1 due to insufficient sanitization of user-supplied data. It includes an example URL demonstrating the exploit but lacks executable code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Portail Web Php 2.5.1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Psiczn · textwebappsphp
https://www.exploit-db.com/exploits/31109

The code describes a remote file inclusion vulnerability in Portail Web Php 2.5.1.1 due to insufficient sanitization of user-supplied data. It provides an example URL demonstrating how an attacker could exploit this to include remote files.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Portail Web Php 2.5.1.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Psiczn · textwebappsphp
https://www.exploit-db.com/exploits/31107

The code describes a remote file inclusion vulnerability in Portail Web Php 2.5.1.1 due to insufficient sanitization of user-supplied data. The example URL demonstrates how an attacker could exploit this by injecting a malicious site_path parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Portail Web Php 2.5.1.1
No auth needed
Prerequisites: Network access to the target application · The vulnerable parameter (site_path) must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27616

Scores

EPSS 0.3427
EPSS Percentile 98.2%

Details

CWE
CWE-94
Status published
Products (1)
portail_web_php/portail_web_php 2.5.1.1
Published Feb 07, 2008
Tracked Since Feb 18, 2026