CVE-2008-4319

N/A Unknown

Published: September 29, 2008 Modified: April 23, 2026

Description

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.securityfocus.com/archive/1/496742

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/31415

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/45423

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6567

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496742

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/31415

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/45423

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6567

Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

3.4%

87th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

libra_file_manager

Related CVEs

CVE-2026-41279 N/A

CVE-2026-41278 N/A

CVE-2026-41277 N/A

CVE-2026-41276 N/A

CVE-2026-41275 N/A