CVE-2008-6420

Socialsitegenerator Social Site Generator - Information Disclosure

Title source: rule

Description

Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/5711

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5701

View on exploitdb

References (7)

[Vendor Advisory] http://secunia.com/advisories/30462

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42781

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34149

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5711

[Third Party Advisory, VDB Entry] http://osvdb.org/45862

[Third Party Advisory, VDB Entry] http://osvdb.org/45863

[Third Party Advisory, VDB Entry] http://osvdb.org/45864

Scores

EPSS 0.1863

EPSS Percentile 95.2%

Classification

CWE

CWE-200

Status draft

Affected Products (1)

socialsitegenerator/social_site_generator

Timeline

Published Mar 06, 2009

Tracked Since Feb 18, 2026