CVE-2008-4245

Rianxosencabos CMS 0.9 - Authenticated Privilege Escalation and User Deletion via Admin Control Panel

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4245. PoCs published by CWH Underground.

AI-analyzed exploit summary This is a writeup describing an arbitrary add-admin vulnerability in Rianxosencabos CMS 0.9. The exploit involves logging in, navigating to a specific admin URL, and manually changing user permissions or deleting accounts.

Description

The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/6513

This is a writeup describing an arbitrary add-admin vulnerability in Rianxosencabos CMS 0.9. The exploit involves logging in, navigating to a specific admin URL, and manually changing user permissions or deleting accounts.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Rianxosencabos CMS 0.9
Auth required
Prerequisites: Valid user account · Access to the vulnerable URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31296
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45290
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6513
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4311

Scores

EPSS 0.0193
EPSS Percentile 77.4%

Details

CWE
CWE-264
Status published
Products (1)
rianxosencabos_cms/rianxosencabos_cms 0.9
Published Sep 25, 2008
Tracked Since Feb 18, 2026