CVE-2008-3509

LoveCMS 1.6.2 - Unauthenticated Remote Code Execution via Admin Panel

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3509. PoCs published by PoMdaPiMp.

AI-analyzed exploit summary: This exploit targets LoveCMS 1.6.2_final by sending a crafted POST request to modify site settings without authentication. It demonstrates an unauthorized configuration change vulnerability.

Description

LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by PoMdaPiMp · ruby · webapps · php
https://www.exploit-db.com/exploits/6210

This exploit targets LoveCMS 1.6.2_final by sending a crafted POST request to modify site settings without authentication. It demonstrates an unauthorized configuration change vulnerability.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: LoveCMS 1.6.2_final
No auth needed
Prerequisites: Network access to the target LoveCMS installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by PoMdaPiMp · ruby · webapps · php
https://www.exploit-db.com/exploits/6209

This exploit targets LoveCMS by injecting PHP code into a side block via an unauthenticated HTTP POST request. It then ensures the block is visible by submitting additional form data.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: LoveCMS 1.6.2_final
No auth needed
Prerequisites: Network access to the target LoveCMS installation
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6210
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31389
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6209
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44226
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30562
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44227

Scores

EPSS: 0.1510
EPSS Percentile: 94.7%

Details

CWE: CWE-94
Status: published
Products (1): lovecms/lovecms 1.6.2
Published: Aug 07, 2008
Tracked Since: Feb 18, 2026