CVE-2008-6478

Parallels Virtuozzo Containers - Cross-Site Request Forgery in VZPP File Manager

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6478. PoCs published by poplix.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in Parallels Virtuozzo Containers to overwrite the /etc/passwd.demo file, allowing an attacker to perform file-management actions with the privileges of the logged-in user. It uses hidden iframes and forms to delete and recreate the file with malicious content.

Description

Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.

Exploits (1)

exploitdb WORKING POC VERIFIED

by poplix · htmlwebappsphp

https://www.exploit-db.com/exploits/31603

View Code ZIP pw:eip

This exploit leverages a CSRF vulnerability in Parallels Virtuozzo Containers to overwrite the /etc/passwd.demo file, allowing an attacker to perform file-management actions with the privileges of the logged-in user. It uses hidden iframes and forms to delete and recreate the file with malicious content.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Parallels Virtuozzo Containers 3.0.0-25.4.swsoft and 4.0.0-365.6.swsoft

Auth required

Prerequisites: Victim must be logged into the Virtuozzo web interface · Attacker must know the target VPS address · Target must have a vulnerable version of Virtuozzo Containers

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →