CVE-2008-1534

PowerPHPBoard 1.00b - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1534. PoCs published by DSecRG.

AI-analyzed exploit summary The exploit demonstrates Local File Include (LFI) vulnerabilities in PowerPHPBoard 1.00b, specifically in footer.inc.php and header.inc.php. It requires REGISTER_GLOBALS to be enabled and allows reading arbitrary files via path traversal.

Description

Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/5303

View Code ZIP pw:eip

The exploit demonstrates Local File Include (LFI) vulnerabilities in PowerPHPBoard 1.00b, specifically in footer.inc.php and header.inc.php. It requires REGISTER_GLOBALS to be enabled and allows reading arbitrary files via path traversal.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PowerPHPBoard 1.00b

No auth needed

Prerequisites: REGISTER_GLOBALS enabled in PHP configuration

devstral-2 · analyzed Feb 16, 2026 Full analysis →