CVE-2008-7172

Lightweight news portal 1.0b - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7172. PoCs published by storm.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in LNP: Lightweight news Portal v1.0-BETA, including XSS, insecure administration, permanent code injection, and file upload issues. It provides specific exploit paths and technical details but does not include functional exploit code.

Description

Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

Exploits (1)

exploitdb WRITEUP VERIFIED
by storm · textwebappsphp
https://www.exploit-db.com/exploits/5873

This is a technical writeup detailing multiple vulnerabilities in LNP: Lightweight news Portal v1.0-BETA, including XSS, insecure administration, permanent code injection, and file upload issues. It provides specific exploit paths and technical details but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Xss | Auth Bypass | Other
Complexity
Trivial
Reliability
Reliable
Target: LNP: Lightweight news Portal v1.0-BETA
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29848
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5873
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43225

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE
CWE-264
Status published
Products (1)
yanick_bourbeau/lightweight_news_portal 1.0b
Published Sep 08, 2009
Tracked Since Feb 18, 2026