CVE-2008-6731

FlexPHPLink Pro 0.0.7 - Unauthenticated Arbitrary File Upload via submitlink.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6731. PoCs published by Osirys.

AI-analyzed exploit summary This exploit targets an arbitrary file upload vulnerability in Flexphplink Pro, allowing an attacker to upload a malicious PHP file and achieve remote command execution or admin credential disclosure. The script automates the upload process and provides interactive options for post-exploitation.

Description

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7600

View Code ZIP pw:eip

This exploit targets an arbitrary file upload vulnerability in Flexphplink Pro, allowing an attacker to upload a malicious PHP file and achieve remote command execution or admin credential disclosure. The script automates the upload process and provides interactive options for post-exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Flexphplink Pro

No auth needed

Prerequisites: Target must have Flexphplink Pro installed with the vulnerable submitlink.php endpoint accessible

MITRE ATT&CK