CVE-2008-5708

SlimCMS 1.0.0 - Unauthenticated Administrative User Creation via redirect.php


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5708. PoCs published by StAkeR.

AI-analyzed exploit summary: This exploit targets SlimCMS <= 1.0.0 by sending a crafted POST request to 'redirect.php' to create a new admin user with arbitrary credentials. It leverages improper privilege escalation due to lack of input validation.

Description

redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.

Exploits (1)

exploitdb · Working PoC · Verified
by StAkeR · php · webapps · php
https://www.exploit-db.com/exploits/6729

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SlimCMS <= 1.0.0
Authentication: No auth needed
Prerequisites: Network access to the target · SlimCMS installation with vulnerable 'redirect.php' endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45824
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4804
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6729
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31736

Scores

EPSS 0.0264
EPSS Percentile 83.6%

Details

CWE: CWE-287
Status: published
Products (1): slimcms/slimcms 1.0.0
Published: Dec 24, 2008
Tracked Since: Feb 18, 2026