CVE-2008-6581

PhpAddEdit 1.3 - Unauthenticated Authentication Bypass via addedit Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6581. PoCs published by x0r.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in PhpAddEdit 1.3 by manipulating the 'addedit' cookie to impersonate an admin user without requiring valid credentials.

Description

login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by x0r · textwebappsphp
https://www.exploit-db.com/exploits/7418

This exploit demonstrates an authentication bypass vulnerability in PhpAddEdit 1.3 by manipulating the 'addedit' cookie to impersonate an admin user without requiring valid credentials.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: PhpAddEdit 1.3
No auth needed
Prerequisites: knowledge of the admin username
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32779
Patch, Vendor Advisory x_refsource_confirm
http://www.phpaddedit.com/page/new/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7418
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50674
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47264
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33124

Scores

EPSS 0.0333
EPSS Percentile 87.0%

Details

CWE
CWE-287
Status published
Products (1)
phpaddedit/phpaddedit 1.3
Published Apr 02, 2009
Tracked Since Feb 18, 2026