CVE-2008-6196

Philippe CROCHAT EasySite 2.0 - Remote Code Execution via EASYSITE_BASE Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-6196. PoCs published by ZoRLu.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in EasySite 2.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (3)

exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31589

The provided text describes a remote file inclusion vulnerability in EasySite 2.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: EasySite 2.0
No auth needed
Prerequisites: Network access to the target application · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31588

The provided text describes a remote file inclusion vulnerability in EasySite 2.0, where insufficient sanitization of user-supplied data allows an attacker to include arbitrary files. The example URL demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: EasySite 2.0
No auth needed
Prerequisites: Network access to the target application · Knowledge of the vulnerable parameter
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31587

This exploit demonstrates a remote file inclusion vulnerability in EasySite 2.0 by manipulating the 'EASYSITE_BASE' parameter in 'browser.php' to include arbitrary files. The vulnerability arises due to insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: EasySite 2.0
No auth needed
Prerequisites: Network access to the target application · Target application must be running EasySite 2.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28563
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41630

Scores

EPSS 0.0254
EPSS Percentile 82.9%

Details

CWE
CWE-94
Status published
Products (1)
philippe_crochat/easysite 2.0
Published Feb 20, 2009
Tracked Since Feb 18, 2026