CVE-2008-5792

Indiscripts Enthusiast <3.1.4 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5792. PoCs published by BugReport.IR.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in Enthusiast 3.1.4, where the 'path' parameter in show_joined.php can be manipulated to include arbitrary files when register_globals is enabled. The advisory includes proof-of-concept URLs but no executable exploit code.

Description

PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/7059

View Code ZIP pw:eip

This is a writeup describing a file inclusion vulnerability in Enthusiast 3.1.4, where the 'path' parameter in show_joined.php can be manipulated to include arbitrary files when register_globals is enabled. The advisory includes proof-of-concept URLs but no executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Enthusiast 3.1.4 (and prior versions)

No auth needed

Prerequisites: register_globals enabled · magic_quotes_gpc disabled (for local file inclusion)

MITRE ATT&CK