CVE-2008-5185

GeSHi < 1.0.8 - Denial of Service via Unclosed XML Delimiter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5185. PoCs published by Christian Hoffmann.

AI-analyzed exploit summary: The provided text describes a remote denial-of-service vulnerability in GeSHi versions prior to 1.0.8, where an infinite loop can be triggered to consume excessive resources. However, no actual exploit code is included in the snippet.

Description

The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".

Exploits (1)

exploitdb WRITEUP VERIFIED
by Christian Hoffmann · text · dos · multiple
https://www.exploit-db.com/exploits/32596

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: GeSHi < 1.0.8
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32377
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46769
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/20/4

Scores

EPSS 0.0500
EPSS Percentile 89.8%

Details

CWE: CWE-399
Status: published
Products (31)
geshi/geshi 1.0.0
geshi/geshi 1.0.1
geshi/geshi 1.0.2
geshi/geshi 1.0.2_beta_1
geshi/geshi 1.0.3
geshi/geshi 1.0.4
geshi/geshi 1.0.5
geshi/geshi 1.0.6
geshi/geshi 1.0.7
geshi/geshi 1.0.7.1
... and 21 more
Published Nov 21, 2008
Tracked Since Feb 18, 2026