CVE-2008-6551
e-Vision CMS <= 2.0.2 - Path Traversal via Adminlang Cookie or Module Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6551. PoCs published by StAkeR.
AI-analyzed exploit summary: This exploit targets a Local File Inclusion (LFI) vulnerability in e-Vision <= 2.0.2 by manipulating the 'module' parameter in various admin scripts to read arbitrary files. It checks for Magic Quotes GPC and attempts to exploit the vulnerability via multiple endpoints.
Description
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
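For defenders reviewing web traffic, the check below flags requests that match the vectors in the description: a `..` segment in the `module` parameter of one of the ten listed scripts, or in the `adminlang` cookie sent to admin/ind_ex.php. It is an added example, not code from this page or from the published PoC; the function names are hypothetical, and it assumes the `module` parameter arrives in the query string and that the Cookie header is available to the log pipeline.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Module names taken from the script paths listed in the CVE description.
MODULES = ["3rdparty", "polling", "contact", "brandnews", "newsletter",
           "game", "tour", "articles", "product", "plain"]
MODULE_SCRIPTS = {f"/modules/{m}/adminpart/add{m}.php": m for m in MODULES}
COOKIE_SCRIPT = "/admin/ind_ex.php"
DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path segment

def has_dotdot(value, rounds=3):
    """True if value holds a '..' segment, also after repeated URL-decoding."""
    for _ in range(rounds):
        if DOTDOT.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return bool(DOTDOT.search(value))

def cookie_value(header, name):
    """Minimal Cookie-header parser: first value for name, or None."""
    for item in header.split(";"):
        key, _, val = item.strip().partition("=")
        if key == name:
            return val
    return None

def check_request(target, cookie_header=""):
    """Return the CVE-2008-6551 vectors that a request matches."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    hits = []
    for suffix, module in MODULE_SCRIPTS.items():
        if path.endswith(suffix):
            values = parse_qs(parts.query, keep_blank_values=True).get("module", [])
            if any(has_dotdot(v) for v in values):
                hits.append(f"module:{module}")
    if path.endswith(COOKIE_SCRIPT):
        lang = cookie_value(cookie_header, "adminlang")
        if lang is not None and has_dotdot(lang):
            hits.append("cookie:adminlang")
    return hits

if __name__ == "__main__":
    # Constructed sample request, not taken from any real log.
    print(check_request("/cms/modules/tour/adminpart/addtour.php?module=..%2f..%2fsample"))
```

A hit only shows that a request has the shape the description names; whether the include succeeded depends on the server's magic_quotes_gpc setting and the installed version.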