CVE-2008-1370

wildmary Yap Blog 1.1 - Remote File Inclusion Code Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1370. PoCs published by THE_MILLER.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Yap Blog versions prior to 1.1.1. It lacks executable exploit code but outlines the vulnerability and attack vector.

Description

PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by THE_MILLER · textwebappsphp
https://www.exploit-db.com/exploits/31341

The provided text describes a remote file inclusion vulnerability in Yap Blog versions prior to 1.1.1. It lacks executable exploit code but outlines the vulnerability and attack vector.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Yap Blog < 1.1.1
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41049
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28120

Scores

EPSS 0.0165
EPSS Percentile 73.6%

Details

CWE
CWE-94
Status published
Products (1)
wildmary/yap_blog 1.1
Published Mar 18, 2008
Tracked Since Feb 18, 2026