CVE-2008-1466

Exploitation Summary

EIP tracks 9 public exploits for CVE-2008-1466. PoCs published by ZoRLu.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (9)

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31457

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to craft a malicious URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31456

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to manipulate the 'bn_dir_default' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31455

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Network access to the target application · Vulnerable version of w-Agora installed

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31454

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Network access to the target application · Vulnerable version of w-Agora installed

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31453

View Code ZIP pw:eip

The provided text describes a remote file-include vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious URLs

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31452

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious URLs

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31451

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Access to the target application · Ability to craft malicious URLs

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31450

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Network access to the target application · Target application must be running w-Agora 4.0

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31449

View Code ZIP pw:eip

The provided text describes a remote file-include vulnerability in w-Agora 4.0, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: w-Agora 4.0

No auth needed

Prerequisites: Network access to the target application · Vulnerable version of w-Agora installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41352

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28366

W-Agora 4.0 - Remote Code Execution

Exploitation Summary

Description

Exploits (9)

References (2)

Scores

Details