CVE-2008-5090

Advanced Electron Forum < 1.0.7 - Remote Code Execution via BBCode Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5090. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed writeup explaining a remote code execution vulnerability in AEF Forum <= 1.0.6 due to improper handling of evaluated bbcode. The vulnerability arises from the use of the 'e' modifier in preg_replace, allowing arbitrary PHP code execution.

Description

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6499

View Code ZIP pw:eip

This is a detailed writeup explaining a remote code execution vulnerability in AEF Forum <= 1.0.6 due to improper handling of evaluated bbcode. The vulnerability arises from the use of the 'e' modifier in preg_replace, allowing arbitrary PHP code execution.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Advanced Electron Forum (AEF Forum) <= 1.0.6

No auth needed

Prerequisites: Access to post or inject malicious bbcode in the forum

MITRE ATT&CK