CVE-2008-3555
WSN Links <= 4.1.44 - Remote File Inclusion via TID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3555. PoCs published by otmorozok428.
AI-analyzed exploit summary: This exploit leverages a file inclusion vulnerability in WSN Forum and related products to execute arbitrary commands via a malicious avatar upload. The attacker uploads an avatar containing PHP code and then includes it via a crafted URL to achieve remote code execution.
Description
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.