CVE-2008-6158

w3b>cms < 3.2.0 - Multiple Unspecified Vulnerabilities in Admin Backend

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6158. PoCs published by DNX.

AI-analyzed exploit summary This exploit targets CVE-2008-6158 in w3blabor CMS v3.0.5, allowing arbitrary file upload via two separate vulnerabilities in media.inc.php and meinlogo.inc.php, as well as a Local File Inclusion (LFI) vulnerability in modul.inc.php. The script uploads a malicious file and executes it via LFI.

Description

Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DNX · perlwebappsphp

https://www.exploit-db.com/exploits/7369

View Code ZIP pw:eip

This exploit targets CVE-2008-6158 in w3blabor CMS v3.0.5, allowing arbitrary file upload via two separate vulnerabilities in media.inc.php and meinlogo.inc.php, as well as a Local File Inclusion (LFI) vulnerability in modul.inc.php. The script uploads a malicious file and executes it via LFI.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: w3blabor CMS v3.0.5

No auth needed

Prerequisites: Target running w3blabor CMS v3.0.5 · magic_quotes_gpc disabled for LFI · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1205 - Traffic Signaling

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/52023

Various Sources x_refsource_confirm

http://forum.w3bcms.de/viewtopic.php?f=5&t=235

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/48823

Scores

EPSS 0.0291

EPSS Percentile 85.2%

Details

Status published

Products (2)

w3bcms/w3b\>cms 3.0.5

w3bcms/w3b\>cms < 3.1.0

Published Feb 17, 2009

Tracked Since Feb 18, 2026