CVE-2008-2980

EIP tracks 1 public exploit for CVE-2008-2980. PoCs published by CraCkEr.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in HomePH Design 2.10 RC2, including Remote File Inclusion (RFI), Local File Inclusion (LFI), and Cross-Site Scripting (XSS). It provides specific URLs to exploit these vulnerabilities, indicating a functional proof-of-concept.

Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.