CVE-2008-5288

Werner Hilversum FAQ Manager 1.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5288. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in FAQ Manager 1.2 by manipulating the 'config_path' parameter in 'include/header.php' to include arbitrary files. The PoC shows a simple URL-based attack vector.

Description

PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7229

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in FAQ Manager 1.2 by manipulating the 'config_path' parameter in 'include/header.php' to include arbitrary files. The PoC shows a simple URL-based attack vector.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FAQ Manager 1.2

No auth needed

Prerequisites: Target application must be installed and accessible · Remote file inclusion must be enabled on the server

MITRE ATT&CK