CVE-2008-5566

Triangle Solutions PHP Multiple Newsletters 2.7 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5566. PoCs published by ahmadbady.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerability in PHP_Multiple_Newsletters v2.7. The LFI occurs due to unsanitized user input in the 'lang' parameter, while the XSS is triggered via improper handling of user input in the URL.

Description

Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ahmadbady · textwebappsphp

https://www.exploit-db.com/exploits/7400

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerability in PHP_Multiple_Newsletters v2.7. The LFI occurs due to unsanitized user input in the 'lang' parameter, while the XSS is triggered via improper handling of user input in the URL.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHP_Multiple_Newsletters v2.7

No auth needed

Prerequisites: Access to the target application's URL

MITRE ATT&CK