CVE-2008-6933

MiniGal b13 - Path Traversal via List Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6933. PoCs published by Alfons Luja.

AI-analyzed exploit summary This exploit targets a source code disclosure vulnerability in MiniGal b13 by sending a crafted HTTP GET request to retrieve the admin password hash. The PoC decodes a base64-encoded path to access sensitive configuration files.

Description

Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alfons Luja · phpwebappsphp

https://www.exploit-db.com/exploits/7130

View Code ZIP pw:eip

This exploit targets a source code disclosure vulnerability in MiniGal b13 by sending a crafted HTTP GET request to retrieve the admin password hash. The PoC decodes a base64-encoded path to access sensitive configuration files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniGal b13

No auth needed

Prerequisites: Network access to the target web server · MiniGal b13 installed with default or vulnerable configuration

MITRE ATT&CK

T1119 - Automated Collection T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46635

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32312

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7130

Scores

EPSS 0.0267

EPSS Percentile 83.8%

Details

CWE

CWE-22

Status published

Products (1)

minigal/minigal b13

Published Aug 11, 2009

Tracked Since Feb 18, 2026