CVE-2010-4608
Habari 0.6.5 - Unauthenticated Sensitive Information Exposure via Direct Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4608. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The document describes multiple vulnerabilities in Habari 0.6.5, including path disclosure and XSS vulnerabilities. It provides PoC URLs but no executable exploit code.
Description
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
Exploits (1)
exploitdb
WRITEUP
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/15799
The document describes multiple vulnerabilities in Habari 0.6.5, including path disclosure and XSS vulnerabilities. It provides PoC URLs but no executable exploit code.
Classification
Writeup 100%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
Habari 0.6.5
No auth needed
Prerequisites:
register_globals enabled for XSS vulnerabilities
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
http://wiki.habariproject.org/en/Release_0.6.6
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15799
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/path_disclosure_in_habari.html
Scores
EPSS
0.0249
EPSS Percentile
82.6%
Details
CWE
CWE-200
Status
published
Products (1)
habariproject/habari
0.6.5
Published
Dec 29, 2010
Tracked Since
Feb 18, 2026