CVE-2008-4206

Attachmax Dolphin <= 2.1.0 - Remote Code Execution via rel_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4206. PoCs published by K-159.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Description

PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by K-159 · textwebappsphp

https://www.exploit-db.com/exploits/6468

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rfi | Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Attachmax Dolphin <= 2.1.0

No auth needed

Prerequisites: register_globals enabled for RFI · access to vulnerable endpoints

MITRE ATT&CK