CVE-2008-5334

NitroTech 0.0.3a - Remote Code Execution via Root Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5334. PoCs published by Osirys.

AI-analyzed exploit summary This is a technical writeup detailing two vulnerabilities in Nitrotech CMS 0.0.3a: a remote file inclusion (RFI) due to an uninitialized variable and an SQL injection via unsanitized user input. The writeup includes code snippets and exploit examples.

Description

PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Osirys · textwebappsphp

https://www.exploit-db.com/exploits/7218

View Code ZIP pw:eip

This is a technical writeup detailing two vulnerabilities in Nitrotech CMS 0.0.3a: a remote file inclusion (RFI) due to an uninitialized variable and an SQL injection via unsanitized user input. The writeup includes code snippets and exploit examples.

Classification

Writeup 95%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: Nitrotech CMS 0.0.3a

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7218

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4691

Scores

EPSS 0.0863

EPSS Percentile 94.4%

Details

CWE

CWE-94

Status published

Products (1)

nitrotech/nitrotech 0.0.3a

Published Dec 05, 2008

Tracked Since Feb 18, 2026