CVE-2008-5071

Yoxel < 1.23beta - Authenticated PHP Code Injection via proj_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5071. PoCs published by dun.

AI-analyzed exploit summary The exploit demonstrates a PHP code injection vulnerability in Yoxel <= 1.23beta via the `itpm_estimate.php` script, where user-controlled input in `proj_id` is passed to an `eval()` function, allowing arbitrary PHP code execution. The PoC includes specific URLs and technical details about the vulnerable code paths.

Description

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by dun · textwebappsphp
https://www.exploit-db.com/exploits/6606

The exploit demonstrates a PHP code injection vulnerability in Yoxel <= 1.23beta via the `itpm_estimate.php` script, where user-controlled input in `proj_id` is passed to an `eval()` function, allowing arbitrary PHP code execution. The PoC includes specific URLs and technical details about the vulnerable code paths.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Yoxel <= 1.23beta
Auth required
Prerequisites: Valid authentication credentials for Yoxel · Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4591
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6606
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31448
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45488

Scores

EPSS 0.0628
EPSS Percentile 92.7%

Details

CWE
CWE-94
Status published
Products (21)
yoxel/yoxel 1.06beta
yoxel/yoxel 1.07beta
yoxel/yoxel 1.08beta
yoxel/yoxel 1.09beta
yoxel/yoxel 1.10beta
yoxel/yoxel 1.11beta
yoxel/yoxel 1.12beta
yoxel/yoxel 1.13beta
yoxel/yoxel 1.14beta
yoxel/yoxel 1.15beta
... and 11 more
Published Nov 14, 2008
Tracked Since Feb 18, 2026