CVE-2008-7042

FreshScripts Fresh Email Script 1.0-1.11 - Remote Code Execution via tmp_sid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7042. PoCs published by Don.

AI-analyzed exploit summary This is a vulnerability writeup for CVE-2008-7043, detailing file inclusion and cookie manipulation vulnerabilities in Fresh Email Script versions 1.0 to 1.11. It describes the attack vectors but does not include executable exploit code.

Description

PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Don · textwebappsphp
https://www.exploit-db.com/exploits/7080

This is a vulnerability writeup for CVE-2008-7043, detailing file inclusion and cookie manipulation vulnerabilities in Fresh Email Script versions 1.0 to 1.11. It describes the attack vectors but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Fresh Email Script versions 1.0 to 1.11
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3096
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46527
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7080
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32241

Scores

EPSS 0.0231
EPSS Percentile 81.1%

Details

CWE
CWE-94
Status published
Products (2)
freshscripts/fresh_email_script 1.0
freshscripts/fresh_email_script 1.11
Published Aug 24, 2009
Tracked Since Feb 18, 2026