CVE-2008-4319

Libra File Manager Php Filemanager < 1.18 - Authentication Bypass

Title source: rule

Description

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pepelux · perlwebappsphp

https://www.exploit-db.com/exploits/6567

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/archive/1/496742

[Exploit] http://www.securityfocus.com/bid/31415

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45423

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6567

Scores

EPSS 0.0337

EPSS Percentile 87.2%

Classification

CWE

CWE-287

Status draft

Affected Products (6)

libra_file_manager/php_filemanager < 1.18

libra_file_manager/php_filemanager

libra_file_manager/php_filemanager

libra_file_manager/php_filemanager

libra_file_manager/php_filemanager

libra_file_manager/php_filemanager

Timeline

Published Sep 29, 2008

Tracked Since Feb 18, 2026