CVE-2008-2885

Odars - Code Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2885. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in ODARS CMS 1.0.2. The exploit allows an attacker to include a remote shell by manipulating the `CLASSES_ROOT` parameter in a GET request.

Description

PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/5906

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in ODARS CMS 1.0.2. The exploit allows an attacker to include a remote shell by manipulating the `CLASSES_ROOT` parameter in a GET request.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ODARS CMS 1.0.2

No auth needed

Prerequisites: Register Globals must be enabled on the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30784

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5906

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29881

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43285

Scores

EPSS 0.0294

EPSS Percentile 85.3%

Details

CWE

CWE-94

Status published

Products (1)

odars/odars 1.0.2

Published Jun 27, 2008

Tracked Since Feb 18, 2026