CVE-2008-4499

PHP Web Explorer Lite < 0.99b - Path Traversal via Refer or File Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4499. PoCs published by Pepelux.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in PHP Web Explorer 0.99b, where improper input sanitization allows directory traversal attacks. No actual exploit code is present, only a description and example URL.

Description

Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Pepelux · textwebappsphp
https://www.exploit-db.com/exploits/32463

The provided text describes a local file inclusion (LFI) vulnerability in PHP Web Explorer 0.99b, where improper input sanitization allows directory traversal attacks. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: PHP Web Explorer 0.99b
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Pepelux · textwebappsphp
https://www.exploit-db.com/exploits/32464

The provided text describes a local file inclusion (LFI) vulnerability in PHP Web Explorer 0.99b, where an attacker can exploit improper input sanitization to traverse directories and access sensitive files like /etc/passwd. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP Web Explorer 0.99b
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45691
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=122332154511973&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31595
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4371

Scores

EPSS 0.0286
EPSS Percentile 84.9%

Details

CWE
CWE-22
Status published
Products (2)
php_web_explorer/php_web_explorer_lite 0.99a
php_web_explorer/php_web_explorer_lite < 0.99b
Published Oct 09, 2008
Tracked Since Feb 18, 2026