CVE-2008-7181

Butterfly Organizer 2.0.0 - Unauthenticated Arbitrary Category and Account Deletion via Parameter Manipulation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7181. PoCs published by Stack.

AI-analyzed exploit summary: This Perl script exploits an arbitrary deletion vulnerability in Butterfly Organizer 2.0.0 by sending crafted HTTP requests to delete categories or accounts without proper authentication. It uses LWP::UserAgent to interact with the target application.

Description

Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stack · perl · webapps · php
https://www.exploit-db.com/exploits/5800

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Butterfly Organizer 2.0.0
No auth needed
Prerequisites: Network access to the target application · Knowledge of the category or account name to delete
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5800
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29703
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43067

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE: CWE-264
Status: published
Products (1): butterflymedia/butterfly_organizer 2.0.0
Published: Sep 08, 2009
Tracked Since: Feb 18, 2026