CVE-2008-4758

php-daily - Path Traversal via Download File Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4758. PoCs published by 0xFFFFFF.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in PHPdaily, including SQL injection, XSS, and local file download vulnerabilities. It provides specific exploit paths and parameters but does not include functional exploit code.

Description

Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by 0xFFFFFF · textwebappsphp
https://www.exploit-db.com/exploits/6833

This is a technical writeup detailing multiple vulnerabilities in PHPdaily, including SQL injection, XSS, and local file download vulnerabilities. It provides specific exploit paths and parameters but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHPdaily (version N/A)
Auth required
Prerequisites: User authentication · Access to vulnerable endpoints
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31915
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4527
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46126
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6833

Scores

EPSS 0.0283
EPSS Percentile 84.8%

Details

CWE
CWE-22
Status published
Products (1)
php-daily/php-daily
Published Oct 28, 2008
Tracked Since Feb 18, 2026