CVE-2008-4592

Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4592. PoCs published by StAkeR, Virangar Security.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in Sports Clubs Web Panel 0.0.1. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'p' parameter in index.php with directory traversal sequences and a null byte.

Description

Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by StAkeR · textwebappsphp
https://www.exploit-db.com/exploits/6427

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Sports Clubs Web Panel 0.0.1. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'p' parameter in index.php with directory traversal sequences and a null byte.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sports Clubs Web Panel 0.0.1
No auth needed
Prerequisites: access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Virangar Security · textwebappsphp
https://www.exploit-db.com/exploits/6435

This exploit demonstrates SQL injection vulnerabilities in Sports Clubs Web Panel 0.0.1 via the 'id' parameter in draw-view.php and draw-edit.php. The PoC includes crafted URLs to extract database information such as MySQL version and user credentials.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Sports Clubs Web Panel 0.0.1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6427
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45062
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2550
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4423

Scores

EPSS 0.0401
EPSS Percentile 89.2%

Details

CWE
CWE-22
Status published
Products (1)
sportspanel/sports_clubs_web_portal 0.0.1
Published Oct 16, 2008
Tracked Since Feb 18, 2026