CVE-2008-7240

Linux Web Shop (LWS) php User Base 1.3beta - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7240. PoCs published by BeyazKurt.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in php User Base 1.3b. The vulnerability allows an attacker to include arbitrary files via the 'template' parameter in the 'include/unverified.inc.php' file.

Description

Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BeyazKurt · textwebappsphp
https://www.exploit-db.com/exploits/5179

This exploit demonstrates a Local File Include (LFI) vulnerability in php User Base 1.3b. The vulnerability allows an attacker to include arbitrary files via the 'template' parameter in the 'include/unverified.inc.php' file.

Classification
Working Poc 90%
Attack Type
Lfi
Complexity
Trivial
Reliability
Reliable
Target: php User Base 1.3b
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40793
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5179
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27964

Scores

EPSS 0.0634
EPSS Percentile 92.7%

Details

CWE
CWE-22 CWE-94
Status published
Products (1)
linuxwebshop/php_user_base 1.3 beta
Published Sep 17, 2009
Tracked Since Feb 18, 2026