CVE-2008-2198

Kmita Tellfriend < 2.0 - Remote Code Execution via htmlcode.php file Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2198. PoCs published by K-159.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Kmita Tellfriend <= 2.0 via the 'file' parameter in htmlcode.php. Successful exploitation requires register_globals to be enabled and may require authentication.

Description

PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K-159 · textwebappsphp

https://www.exploit-db.com/exploits/5544

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Kmita Tellfriend <= 2.0 via the 'file' parameter in htmlcode.php. Successful exploitation requires register_globals to be enabled and may require authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Kmita Tellfriend <= 2.0

Auth required

Prerequisites: register_globals enabled · authentication credentials (default: admin/admin)

MITRE ATT&CK