CVE-2008-2677

Telephone Directory 2008 - Cross-Site Scripting via edit1.php action parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2677. PoCs published by CWH Underground.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in Telephone Directory 2008. It provides specific payloads for SQLi in 'edit1.php' and 'view_more.php', and an XSS vector in 'edit1.php'.

Description

Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/5764

View Code ZIP pw:eip

The exploit demonstrates SQL injection and XSS vulnerabilities in Telephone Directory 2008. It provides specific payloads for SQLi in 'edit1.php' and 'view_more.php', and an XSS vector in 'edit1.php'.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Telephone Directory 2008

No auth needed

Prerequisites: magic_quotes_gpc = Off

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5764

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29614

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42972

Scores

EPSS 0.0151

EPSS Percentile 71.0%

Details

CWE

CWE-79

Status published

Products (1)

telephone/telephone_directory_2008

Published Jun 12, 2008

Tracked Since Feb 18, 2026