CVE-2008-6336

Text Lines Rearrange Script 1.0 - Path Traversal via Filename Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6336. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates a file disclosure vulnerability in the 'download.php' script, allowing an attacker to read arbitrary local files by manipulating the 'filename' parameter. The vulnerable code does not sanitize user input, leading to unauthorized file access.

Description

Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SirGod · textwebappsphp
https://www.exploit-db.com/exploits/7542

This exploit demonstrates a file disclosure vulnerability in the 'download.php' script, allowing an attacker to read arbitrary local files by manipulating the 'filename' parameter. The vulnerable code does not sanitize user input, leading to unauthorized file access.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Text Lines Rearrange Script (version not specified)
No auth needed
Prerequisites: Access to the vulnerable 'download.php' script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32968
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7542
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33276

Scores

EPSS 0.0220
EPSS Percentile 80.2%

Details

CWE
CWE-22
Status published
Products (1)
rightscripts/text_lines_rearrange_script 1.0
Published Feb 27, 2009
Tracked Since Feb 18, 2026