CVE-2008-5776

Aperto Blog 0.1.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5776. PoCs published by NoGe.

AI-analyzed exploit summary The code describes Local File Inclusion (LFI) and SQL Injection vulnerabilities in Aperto Blog 0.1.1. It highlights vulnerable parameters in admin.php, index.php, and categories.php but does not include functional exploit code.

Description

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Exploits (1)

exploitdb WRITEUP VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/7482

View Code ZIP pw:eip

The code describes Local File Inclusion (LFI) and SQL Injection vulnerabilities in Aperto Blog 0.1.1. It highlights vulnerable parameters in admin.php, index.php, and categories.php but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Aperto Blog 0.1.1

No auth needed

Prerequisites: Access to vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7482

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32850

Scores

EPSS 0.0228

EPSS Percentile 80.9%

Details

CWE

CWE-22

Status published

Products (1)

apertoblog/apertoblog 0.1.1

Published Dec 30, 2008

Tracked Since Feb 18, 2026