CVE-2008-6825

trixbox < 2.6.1 - Remote File Inclusion via langChoice Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-6825. PoCs published by Metasploit, muts, Jean-Michel BESNARD, including Metasploit module exploits/unix/webapp/trixbox_langchoice.

AI-analyzed exploit summary: This Metasploit module exploits a PHP Local File Inclusion vulnerability in Trixbox CE 2.6.1 by injecting malicious PHP code into the session file and then executing it via the langChoice parameter.

Description

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/16904

This Metasploit module exploits a PHP Local File Inclusion vulnerability in Trixbox CE 2.6.1 by injecting malicious PHP code into the session file and then executing it via the langChoice parameter.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Trixbox CE 2.6.1
No auth needed
Prerequisites: Access to the target's web interface · PHP session handling enabled
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by muts · python · remote · linux
https://www.exploit-db.com/exploits/6045

This exploit targets a PHP session file inclusion vulnerability in TrixBox 2.6.1 to inject a reverse shell payload via the 'langChoice' parameter. It extracts the session ID, triggers the payload, and establishes a root shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TrixBox 2.6.1
No auth needed
Prerequisites: Network access to the target · PHP session handling enabled · Outbound connectivity for reverse shell
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Jean-Michel BESNARD · perl · webapps · linux
https://www.exploit-db.com/exploits/6026

This exploit targets a directory traversal vulnerability in Trixbox's PHP session handling to achieve remote code execution. It leverages a reverse shell payload via Perl's Socket module, with options for root or asterisk user privileges via sudo.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Trixbox (version not specified, likely pre-2008)
No auth needed
Prerequisites: Network access to the target · PHP session handling vulnerability in Trixbox
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · MANUAL
by chao-mu · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/trixbox_langchoice.rb

This Metasploit module exploits a PHP Local File Inclusion vulnerability in Trixbox by injecting malicious PHP code into the session file and then triggering its execution via the langChoice parameter.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Trixbox CE 2.6.1
No auth needed
Prerequisites: Network access to the target · PHP session handling enabled · Default or known path for session files
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43686
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6026
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0101.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30135
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50421

Scores

EPSS 0.2027
EPSS Percentile 97.1%

Details

CWE: CWE-22
Status: published
Products (3):
trixbox/trixbox 2.0
trixbox/trixbox 2.4.2.0
trixbox/trixbox < 2.6.1
Published: Jun 05, 2009
Tracked Since: Feb 18, 2026