CVE-2008-6010

SG Real Estate Portal 2.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6010. PoCs published by SirGod.

AI-analyzed exploit summary The exploit demonstrates Local File Inclusion (LFI) and Blind SQL Injection vulnerabilities in SG Real Estate Portal 2.0. It provides multiple PoC URLs with parameter manipulation techniques to exploit these vulnerabilities.

Description

Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6631

View Code ZIP pw:eip

The exploit demonstrates Local File Inclusion (LFI) and Blind SQL Injection vulnerabilities in SG Real Estate Portal 2.0. It provides multiple PoC URLs with parameter manipulation techniques to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SG Real Estate Portal 2.0

No auth needed

Prerequisites: Access to the target application · Knowledge of vulnerable parameters

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6631

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31489

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45569

Scores

EPSS 0.0267

EPSS Percentile 83.8%

Details

CWE

CWE-22

Status published

Products (1)

sg_real_estate_portal/sg_real_estate_portal 2.0

Published Jan 30, 2009

Tracked Since Feb 18, 2026