CVE-2008-6530

eZoneScripts Living Local 1.1 - Authenticated Arbitrary PHP File Upload via editimage.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6530. PoCs published by Bgh7.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Living Local V1.1, allowing authenticated users to upload malicious PHP shells. The steps involve registering, logging in, and exploiting the logo upload functionality to achieve remote code execution.

Description

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Bgh7 · textwebappsphp
https://www.exploit-db.com/exploits/7408

This is a writeup describing an arbitrary file upload vulnerability in Living Local V1.1, allowing authenticated users to upload malicious PHP shells. The steps involve registering, logging in, and exploiting the logo upload functionality to achieve remote code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Living Local V1.1
Auth required
Prerequisites: Access to registration and login pages · Valid user credentials · Ability to upload a malicious PHP file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32760
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47215
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7408

Scores

EPSS 0.0212
EPSS Percentile 79.5%

Details

Status published
Products (1)
ezonescripts/living_local 1.1
Published Mar 26, 2009
Tracked Since Feb 18, 2026