CVE-2008-4721

PHP Jabbers Post Comment 3.0 - Unauthenticated Administrative Access via PostCommentsAdmin Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4721. PoCs published by Crackers_Child.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in Post Comments v3.0, allowing an attacker to bypass authentication by setting a cookie via JavaScript. The vulnerability is trivial to exploit and requires no prior authentication.

Description

PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Crackers_Child · textwebappsphp
https://www.exploit-db.com/exploits/6625

This exploit demonstrates an insecure cookie handling vulnerability in Post Comments v3.0, allowing an attacker to bypass authentication by setting a cookie via JavaScript. The vulnerability is trivial to exploit and requires no prior authentication.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Post Comments v3.0
No auth needed
Prerequisites: Access to the target's admin interface URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27991
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6625
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45503
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4502

Scores

EPSS 0.0277
EPSS Percentile 84.5%

Details

CWE
CWE-200 CWE-287
Status published
Products (1)
php_jabbers/post_comment 2.0
Published Oct 23, 2008
Tracked Since Feb 18, 2026