CVE-2008-4668

NUCLEI

Joomla com_imagebrowser 0.1.5 - Path Traversal via Folder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4668. PoCs published by Cr@zy_King. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a writeup describing a directory traversal vulnerability in Joomla's Imagebrowser component. The exploit allows an attacker to access files outside the intended directory by manipulating the 'folder' parameter.

Description

Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cr@zy_King · text · webapps · php
https://www.exploit-db.com/exploits/6618

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Joomla with Imagebrowser component
No auth needed
Prerequisites: Joomla installation with vulnerable Imagebrowser component
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
CRITICAL · by daffainfo

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45490
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6618
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31458
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4464

Scores

EPSS 0.0005
EPSS Percentile 15.3%

Details

CWE: CWE-22
Status: published
Products (1)
joomla/com_imagebrowser 0.1.5
Published Oct 22, 2008
Tracked Since Feb 18, 2026