CVE-2008-4207

Attachmax Dolphin <= 2.1.0 - Unauthenticated Sensitive Information Exposure via info.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4207. PoCs published by K-159.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Description

Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by K-159 · textwebappsphp

https://www.exploit-db.com/exploits/6468

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rfi | Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Attachmax Dolphin <= 2.1.0

No auth needed

Prerequisites: register_globals enabled for RFI · access to vulnerable endpoints

MITRE ATT&CK