CVE-2008-5604

My Simple Forum <4.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5604. PoCs published by cOndemned.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in My Simple Forum 3.0. The vulnerability arises from improper input validation in the 'action' parameter, allowing an attacker to include arbitrary local files via directory traversal sequences.

Description

Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cOndemned · textwebappsphp

https://www.exploit-db.com/exploits/7342

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in My Simple Forum 3.0. The vulnerability arises from improper input validation in the 'action' parameter, allowing an attacker to include arbitrary local files via directory traversal sequences.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: My Simple Forum 3.0

No auth needed

Prerequisites: Target application must be running My Simple Forum 3.0 · Remote access to the application

devstral-2 · analyzed Feb 16, 2026 Full analysis →