CVE-2008-7268

SiteEngine 5.x - Exposure of Sensitive Information via phpinfo Action Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7268. PoCs published by xy7.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in SiteEngine 5.x, including SQL injection via improper use of the intval function, URI redirection, and information disclosure. The SQL injection POC bypasses parameter validation by appending non-numeric characters to the input.

Description

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by xy7 · textwebappsphp
https://www.exploit-db.com/exploits/6823

The exploit demonstrates multiple vulnerabilities in SiteEngine 5.x, including SQL injection via improper use of the intval function, URI redirection, and information disclosure. The SQL injection POC bypasses parameter validation by appending non-numeric characters to the input.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: SiteEngine 5.x
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46180
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32404
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6823
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497747/100/0/threaded

Scores

EPSS 0.0162
EPSS Percentile 73.0%

Details

CWE
CWE-200
Status published
Products (1)
boka/siteengine 5.0
Published Dec 01, 2010
Tracked Since Feb 18, 2026