CVE-2008-6118

Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6118. PoCs published by x0r, BeyazKurt.

AI-analyzed exploit summary The exploit describes an arbitrary file creation vulnerability in Goople CMS 1.7 via the Notepad feature, accessible after authentication. It also includes a method to bypass login using JavaScript cookie manipulation.

Description

win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.

Exploits (2)

exploitdb WRITEUP VERIFIED
by x0r · textwebappsphp
https://www.exploit-db.com/exploits/7210

The exploit describes an arbitrary file creation vulnerability in Goople CMS 1.7 via the Notepad feature, accessible after authentication. It also includes a method to bypass login using JavaScript cookie manipulation.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Goople CMS 1.7
Auth required
Prerequisites: Access to the Notepad feature · JavaScript execution in the victim's browser for cookie manipulation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by BeyazKurt · textwebappsphp
https://www.exploit-db.com/exploits/7205

This exploit leverages an authentication bypass vulnerability in Goople CMS 1.7 by setting a 'loggedin' cookie via JavaScript, allowing unauthorized file uploads. The attacker can then upload malicious files (e.g., PHP/HTML) to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Goople CMS 1.7
No auth needed
Prerequisites: Access to the target's upload.php page · JavaScript execution in the victim's browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46799
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3235
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32819
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32437
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7205

Scores

EPSS 0.0289
EPSS Percentile 85.1%

Details

CWE
CWE-287
Status published
Products (1)
goople_cms/goople_cms 1.7
Published Feb 11, 2009
Tracked Since Feb 18, 2026