CVE-2008-4644

myWebland myStats - IP Address Restriction Bypass via X-Forwarded-For Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4644. PoCs published by JosS.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in myStats (hits.php): IP block bypass via HTTP header manipulation (X-Forwarded-For) and SQL injection via the 'sortby' parameter. Both are validated with proof-of-concept Perl scripts.

Description

hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.

Exploits (1)

exploitdb WORKING POC VERIFIED
by JosS · textwebappsphp
https://www.exploit-db.com/exploits/6759

The exploit demonstrates two vulnerabilities in myStats (hits.php): IP block bypass via HTTP header manipulation (X-Forwarded-For) and SQL injection via the 'sortby' parameter. Both are validated with proof-of-concept Perl scripts.

Classification
Working Poc 95%
Attack Type
Sqli | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: myStats (hits.php) by mywebland.com
No auth needed
Prerequisites: Target application accessible via HTTP · Perl environment with LWP::UserAgent and HTTP::Request modules
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4455
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6759
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32289
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45918
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31772

Scores

EPSS 0.0265
EPSS Percentile 83.6%

Details

CWE
CWE-264
Status published
Products (1)
mywebland/mystats
Published Oct 22, 2008
Tracked Since Feb 18, 2026