CVE-2008-2110

QTOFileManager 1.0 - Unauthenticated Arbitrary File Upload via qtofm.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2110. PoCs published by CrAzY CrAcKeR.

AI-analyzed exploit summary The provided text describes a vulnerability in QTO File Manager (CVE-2008-2110) where unsanitized user input allows remote attackers to upload and execute arbitrary script code. The example URL demonstrates a potential attack vector but lacks executable code.

Description

Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CrAzY CrAcKeR · textwebappsphp

https://www.exploit-db.com/exploits/31750

View Code ZIP pw:eip

The provided text describes a vulnerability in QTO File Manager (CVE-2008-2110) where unsanitized user input allows remote attackers to upload and execute arbitrary script code. The example URL demonstrates a potential attack vector but lacks executable code.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: QTO File Manager (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable QTO File Manager instance

MITRE ATT&CK