CVE-2008-5855

myPHPscripts Login Session 2.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5855. PoCs published by Osirys.

AI-analyzed exploit summary The document describes two vulnerabilities in myPHPscripts Login Session 2.0: an XSS vulnerability due to unfiltered user input in the registration form and a database disclosure issue where user credentials are stored in a flat text file. No executable exploit code is provided.

Description

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Osirys · textwebappsphp
https://www.exploit-db.com/exploits/7526

The document describes two vulnerabilities in myPHPscripts Login Session 2.0: an XSS vulnerability due to unfiltered user input in the registration form and a database disclosure issue where user credentials are stored in a flat text file. No executable exploit code is provided.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: myPHPscripts Login Session 2.0
No auth needed
Prerequisites: Access to the registration page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4873
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7526
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33253
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47502

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-264
Status published
Products (1)
myphpscripts/login_session 2.0
Published Jan 06, 2009
Tracked Since Feb 18, 2026