CVE-2005-3789

phpwcms 1.2.5 - Directory Traversal via form_lang or imgdir Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3789. PoCs published by Stefan Lochbihler.

AI-analyzed exploit summary: This exploit demonstrates a remote file inclusion vulnerability in phpWCMS due to improper input sanitization. An attacker can leverage this to read arbitrary files, such as /etc/passwd, by manipulating the 'form_lang' parameter.

Description

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stefan Lochbihler · text · webapps · php
https://www.exploit-db.com/exploits/26512

This exploit demonstrates a remote file inclusion vulnerability in phpWCMS due to improper input sanitization. An attacker can leverage this to read arbitrary files, such as /etc/passwd, by manipulating the 'form_lang' parameter.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: phpWCMS (version not specified)
No auth needed
Prerequisites: Access to the target URL with the vulnerable parameter
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Stefan Lochbihler · text · webapps · php
https://www.exploit-db.com/exploits/26513

The provided code is a writeup describing a directory traversal vulnerability in phpWCMS, allowing an attacker to access sensitive files by manipulating the 'imgdir' parameter. It does not contain executable exploit code but explains the vulnerability.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: phpWCMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2452
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15436/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113207712719472&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17590/

Scores

EPSS 0.0342
EPSS Percentile 87.4%

Details

Status published
Products (1)
phpwcms/phpwcms 1.2.5_dev
Published Nov 24, 2005
Tracked Since Feb 18, 2026