CVE-2008-1128

phpmytourney 2 - Remote Code Execution via tourney/index.php page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1128. PoCs published by HACKERS PAL.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in phpMyTourney 2, where unsanitized user input in the 'page' parameter allows arbitrary remote file inclusion. No actual exploit code is present, only a description and example URL.

Description

PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/31320

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in phpMyTourney 2, where unsanitized user input in the 'page' parameter allows arbitrary remote file inclusion. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: phpMyTourney 2

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Target server with allow_url_include enabled

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/488951/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3708

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28057

Scores

EPSS 0.0182

EPSS Percentile 75.9%

Details

CWE

CWE-94

Status published

Products (1)

phpmytourney/phpmytourney 2

Published Mar 03, 2008

Tracked Since Feb 18, 2026