CVE-2008-5060

ModernBill < 4.4 - Remote Code Execution via DIR Parameter File Inclusion

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5060. PoCs published by nigh7f411.

AI-analyzed exploit summary: This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ModernBill <= v4.4.X, allowing arbitrary remote code execution by manipulating the 'DIR' parameter in multiple scripts. It also includes an XSS payload targeting the login page.

Description

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by nigh7f411 · text · webapps · php
https://www.exploit-db.com/exploits/6916

Classification: Working PoC 90%
Attack Type: RCE | XSS
Complexity: Trivial
Reliability: Reliable
Target: ModernBill <= v4.4.X
No auth needed
Prerequisites: Network access to the target application · Ability to host malicious files on a remote server
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32529
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46513
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4587
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6916

Scores

EPSS 0.0293
EPSS Percentile 86.6%

Details

CWE: CWE-94
Status: published
Products (14)
modernbill/modernbill 2.01
modernbill/modernbill 2.02s
modernbill/modernbill 3.0 beta
modernbill/modernbill 3.1.0
modernbill/modernbill 3.1.3
modernbill/modernbill 4.0.1 rc7 (2 CPE variants)
modernbill/modernbill 4.0.2
modernbill/modernbill 4.1.1
modernbill/modernbill 4.1.2
modernbill/modernbill 4.1.3
... and 4 more
Published Nov 13, 2008
Tracked Since Feb 18, 2026