CVE-2008-1170

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1170. PoCs published by muuratsalo.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in KC Wiki 1.0, where unsanitized user input allows arbitrary remote file inclusion. The example URL demonstrates how an attacker could exploit this to execute malicious PHP code.

Description

Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by muuratsalo · textwebappsphp

https://www.exploit-db.com/exploits/31325

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in KC Wiki 1.0, where unsanitized user input allows arbitrary remote file inclusion. The example URL demonstrates how an attacker could exploit this to execute malicious PHP code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: KC Wiki 1.0

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Network access to the vulnerable KC Wiki instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →