CVE-2008-6545

Web Server Creator Web Portal 0.1 - Remote Code Execution via langfile Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6545. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Web Server Creator 0.1 by manipulating the 'langfile' parameter in 'createdb.php' to include an arbitrary file. The vulnerability arises due to insufficient sanitization of user-supplied input.

Description

PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31616

This exploit demonstrates a remote file inclusion vulnerability in Web Server Creator 0.1 by manipulating the 'langfile' parameter in 'createdb.php' to include an arbitrary file. The vulnerability arises due to insufficient sanitization of user-supplied input.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Web Server Creator 0.1
No auth needed
Prerequisites: Access to the target web server · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43555
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/53093
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28631

Scores

EPSS 0.0233
EPSS Percentile 81.3%

Details

CWE
CWE-94
Status published
Products (1)
comscripts/web_server_creator_web_portal 0.1
Published Mar 30, 2009
Tracked Since Feb 18, 2026