CVEs-PoC/2008/CVE-2008-3033.md

### [CVE-2008-3033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3033)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.

### POC

#### Reference
- http://securityreason.com/securityalert/3975

#### Github
No PoCs found on GitHub currently.