CVE-2008-3033

RSS-aggregator 1.0 - Unauthenticated Admin Function Access via admin/fonctions/ Directory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3033. PoCs published by CWH Underground.

AI-analyzed exploit summary The provided text describes SQL injection and authentication bypass vulnerabilities in RSS-aggregator 1.0, with example URLs demonstrating vulnerable parameters. No actual exploit code is included.

Description

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/32003

The provided text describes SQL injection and authentication bypass vulnerabilities in RSS-aggregator 1.0, with example URLs demonstrating vulnerable parameters. No actual exploit code is included.

Classification
Writeup 80%
Attack Type
Sqli | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: RSS-aggregator 1.0
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30016
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3975
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43509
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493783/100/0/threaded

Scores

EPSS 0.0301
EPSS Percentile 85.7%

Details

CWE
CWE-287
Status published
Products (1)
rss_aggregator/rss_aggregator 1.0
Published Jul 07, 2008
Tracked Since Feb 18, 2026