CVE-2008-7180

Telephone Directory 2008 - Unauthenticated Arbitrary Contact Deletion via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7180. PoCs published by Stack.

AI-analyzed exploit summary This Perl script exploits an arbitrary contact deletion vulnerability in Telephone Directory 2008 by sending a crafted HTTP request to 'del_query1.php' with a user-supplied 'id' parameter. It uses LWP::UserAgent to perform the request and checks the response for confirmation of deletion.

Description

del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · perlwebappsphp

https://www.exploit-db.com/exploits/5769

View Code ZIP pw:eip

This Perl script exploits an arbitrary contact deletion vulnerability in Telephone Directory 2008 by sending a crafted HTTP request to 'del_query1.php' with a user-supplied 'id' parameter. It uses LWP::UserAgent to perform the request and checks the response for confirmation of deletion.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Telephone Directory 2008

No auth needed

Prerequisites: Target URL with vulnerable 'del_query1.php' endpoint · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5769

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42973

Scores

EPSS 0.0162

EPSS Percentile 72.9%

Details

CWE

CWE-20

Status published

Products (1)

rittwick_banerjee/telephone_directory_2008

Published Sep 08, 2009

Tracked Since Feb 18, 2026