CVE-2008-6613

minimal-ablog 0.4 - Unauthenticated Privilege Escalation via uploader.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6613. PoCs published by NoGe.

AI-analyzed exploit summary The exploit demonstrates SQL injection, file upload, and admin bypass vulnerabilities in minimal-ablog 0.4. It provides specific URLs and parameters to exploit these issues, including a demo SQL injection payload.

Description

uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/7306

View Code ZIP pw:eip

The exploit demonstrates SQL injection, file upload, and admin bypass vulnerabilities in minimal-ablog 0.4. It provides specific URLs and parameters to exploit these issues, including a demo SQL injection payload.

Classification

Working Poc 90%

Attack Type

Sqli | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: minimal-ablog version 0.4

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7306

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46965

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/50350

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32886

Scores

EPSS 0.0245

EPSS Percentile 82.2%

Details

CWE

CWE-264

Status published

Products (1)

abweb/minimal-ablog 0.4

Published Apr 06, 2009

Tracked Since Feb 18, 2026