CVE-2008-7181

Butterfly Organizer 2.0.0 - RCE

Title source: llm

Description

Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · perlwebappsphp

https://www.exploit-db.com/exploits/5800

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5800

[Exploit] http://www.securityfocus.com/bid/29703

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43067

Scores

EPSS 0.0312

EPSS Percentile 86.9%

Details

CWE

CWE-264

Status published

Products (1)

butterflymedia/butterfly_organizer 2.0.0

Published Sep 08, 2009

Tracked Since Feb 18, 2026