CVE-2008-6848

phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6848. PoCs published by Valentin, ahmadbady.

AI-analyzed exploit summary This is a writeup detailing XSS vulnerabilities in phpGreetCards version 3.7. It provides an example URL with multiple parameters susceptible to XSS attacks.

Description

Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/12345

View Code ZIP pw:eip

This is a writeup detailing XSS vulnerabilities in phpGreetCards version 3.7. It provides an example URL with multiple parameters susceptible to XSS attacks.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: phpGreetCards 3.7

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by ahmadbady · textwebappsphp

https://www.exploit-db.com/exploits/7561

View Code ZIP pw:eip

This exploit demonstrates a file upload vulnerability in phpGreetCards, allowing remote shell upload and XSS via the 'category' parameter. The PoC provides a dork and instructions for exploitation.

Classification

Working Poc 80%