CVE-2008-5308

LoveCMS The Simple Forum 3.1d - Unauthenticated Administrator Password Change via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5308. PoCs published by cOndemned.

AI-analyzed exploit summary This exploit changes the admin password and enables HTML in LoveCMS 1.6.2 Final by sending a crafted POST request to the admin panel. It leverages an authentication bypass or insecure direct object reference to modify settings without proper authorization.

Description

The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cOndemned · phpwebappsphp

https://www.exploit-db.com/exploits/7191

View Code ZIP pw:eip

This exploit changes the admin password and enables HTML in LoveCMS 1.6.2 Final by sending a crafted POST request to the admin panel. It leverages an authentication bypass or insecure direct object reference to modify settings without proper authorization.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: LoveCMS 1.6.2 Final (Simple Forum 3.1d)

No auth needed

Prerequisites: Target must have LoveCMS 1.6.2 Final with Simple Forum 3.1d installed · Admin panel must be accessible at the specified path

MITRE ATT&CK