CVE-2008-6066

Meet#Web 0.8 - Remote Code Execution via root_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2008-6066. PoCs published by Rakesh S.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the 'root_path' parameter. No actual exploit code is present, only a description and example URL.

Description

Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (6)

exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32236

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the 'root_path' parameter. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32235

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the 'root_path' parameter in RegResource.class.php. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application · Vulnerable version of Meet#Web installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32234

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files via the 'root_path' parameter in RegForm.class.php. No actual exploit code is present, only a description and example URL.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application · Meet#Web 0.8 installation with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32231

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the 'root_path' parameter. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application · Meet#Web 0.8 or potentially other versions installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32233

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows arbitrary file inclusion via the 'root_path' parameter. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application · Vulnerable version of Meet#Web
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Rakesh S · textwebappsphp
https://www.exploit-db.com/exploits/32232

The provided text describes a remote file inclusion vulnerability in Meet#Web 0.8, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Meet#Web 0.8
No auth needed
Prerequisites: Network access to the target application · Vulnerable version of Meet#Web installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44454
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30673

Scores

EPSS 0.0254
EPSS Percentile 82.9%

Details

CWE
CWE-94
Status published
Products (1)
meet\#web/meet\#web 0.8
Published Feb 05, 2009
Tracked Since Feb 18, 2026