CVE-2008-3555

WSN Links <= 4.1.44 - Remote File Inclusion via TID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3555. PoCs published by otmorozok428.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in Wsn Forum and related products to execute arbitrary commands via a malicious avatar upload. The attacker uploads an avatar with PHP code and then includes it via a crafted URL to achieve remote code execution.

Description

Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.

Exploits (1)

exploitdb WORKING POC VERIFIED
by otmorozok428 · textwebappsphp
https://www.exploit-db.com/exploits/6208

This exploit leverages a file inclusion vulnerability in Wsn Forum and related products to execute arbitrary commands via a malicious avatar upload. The attacker uploads an avatar with PHP code and then includes it via a crafted URL to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Wsn Forum <= 4.1.43, Wsn Knowledge Base <= 4.1.36, Wsn Links <= 4.1.44, Wsn Gallery <= 4.1.30
Auth required
Prerequisites: Valid user account to upload an avatar · File inclusion vulnerability in the target software
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31392
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4120
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44236
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6208

Scores

EPSS 0.0193
EPSS Percentile 77.5%

Details

CWE
CWE-22
Status published
Products (50)
wsn/forum < 4.1.43
wsn/gallery < 4.1.30
wsn/knowledge_base < 4.1.36
wsn/links 4.0.0
wsn/links 4.0.1
wsn/links 4.0.2
wsn/links 4.0.3
wsn/links 4.0.4
wsn/links 4.0.5
wsn/links 4.0.6
... and 40 more
Published Aug 08, 2008
Tracked Since Feb 18, 2026