CVE-2008-0819

PlutoStatus Locator 1.0 pre alpha - Path Traversal via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0819. PoCs published by muuratsalo.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in PlutoStatus Locator 1.0pre alpha. It explains the vulnerability and provides a proof-of-concept URL to exploit it via directory traversal.

Description

Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by muuratsalo · textwebappsphp
https://www.exploit-db.com/exploits/31202

The provided text describes a local file inclusion (LFI) vulnerability in PlutoStatus Locator 1.0pre alpha. It explains the vulnerability and provides a proof-of-concept URL to exploit it via directory traversal.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PlutoStatus Locator 1.0pre alpha
No auth needed
Prerequisites: Network access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3667
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27802
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488141/100/0/threaded

Scores

EPSS 0.0227
EPSS Percentile 80.8%

Details

CWE
CWE-22
Status published
Products (1)
plutostatus/plutostatus_locator 1.0pre_alpha
Published Feb 19, 2008
Tracked Since Feb 18, 2026