CVE-2008-4767

PHP-Nuke DownloadsPlus Module - Unrestricted File Upload and Remote Code Execution via .htm .html or .txt Extensions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4767. PoCs published by ZoRLu.

AI-analyzed exploit summary: The exploit describes a vulnerability in the DownloadsPlus module for PHP-Nuke that allows remote attackers to upload and execute arbitrary code due to insufficient input sanitization. Attackers can upload files with '.htm', '.html', or '.txt' extensions, potentially leading to remote code execution with webserver privileges.

Description

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ZoRLu · text · webapps · php
https://www.exploit-db.com/exploits/31702

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: PHP-Nuke DownloadsPlus module
Auth required
Prerequisites: Valid login credentials · Access to the vulnerable module
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28919
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42007

Scores

EPSS 0.0421
EPSS Percentile 89.7%

Details

CWE: CWE-20
Status: published
Products (1): php-nuke/downloadsplus_module
Published: Oct 28, 2008
Tracked Since: Feb 18, 2026