CVE-2008-1495
PEEL - Authenticated Arbitrary File Upload via Modified Content Type in administrer/produits.php
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-1495. PoCs published by Charles Fol.
AI-analyzed exploit summary
This exploit targets multiple vulnerabilities in PEEL CMS, including SQL injection, blind SQL injection, and authentication bypass to extract admin hashes and upload a malicious file. It demonstrates a multi-stage attack chain to achieve remote code execution.
Description
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.