AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2008-4720: Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary

infovulnerability

security

Source: NVD/CVE DatabaseOctober 23, 2008CVE-2008-4720

Summary

CVE-2008-4720 is a remote file inclusion vulnerability (a type of code injection flaw where an attacker tricks a website into loading and running code from a URL they control) found in The Gemini Portal version 4.7. Attackers could exploit this by injecting a malicious URL into the 'lang' parameter of two specific files, allowing them to execute arbitrary PHP code (custom commands) on the affected server.

Vulnerability Details

CVSS Score

9.3

EPSS (30-day exploit probability)

EPSS: 3.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-94

CAPEC (Attack Pattern)

CAPEC-242

Original source: https://nvd.nist.gov/vuln/detail/CVE-2008-4720

First tracked: February 15, 2026 at 08:51 PM

Classified by LLM (prompt v3) · confidence: 95%