CVEs-PoC/2008/CVE-2008-4141.md

### [CVE-2008-4141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4141)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.

### POC

#### Reference
- http://packetstormsecurity.org/0809-exploits/x10media-rfi.txt
- http://securityreason.com/securityalert/4294
- https://www.exploit-db.com/exploits/6480

#### Github
No PoCs found on GitHub currently.