CVE-2008-1126

Barryvan Compo Manager 0.3 - Remote Code Execution via main.php pageURL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1126. PoCs published by MhZ91.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in barryvancompo-0.3. The vulnerability arises from an undefined 'pageURL' variable in main.php, allowing remote code execution via URL manipulation.

Description

PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MhZ91 · textwebappsphp
https://www.exploit-db.com/exploits/5202

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in barryvancompo-0.3. The vulnerability arises from an undefined 'pageURL' variable in main.php, allowing remote code execution via URL manipulation.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: barryvancompo-0.3
No auth needed
Prerequisites: Access to the target application URL · Ability to host malicious code on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5202
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28035

Scores

EPSS 0.2161
EPSS Percentile 97.3%

Details

CWE
CWE-94
Status published
Products (1)
barryvan_compo/barryvan_compo_manager 0.3
Published Mar 03, 2008
Tracked Since Feb 18, 2026