CVE-2008-0233

Zero CMS 1.0 Alpha and earlier - Unauthenticated Arbitrary File Upload via Avatar Content-Type Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0233. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary: The exploit demonstrates a file upload vulnerability in Zero CMS by bypassing the avatar upload extension filter via Content-Type manipulation. It also includes SQL injection examples targeting unfiltered database variables.

Description

Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.

Exploits (1)

exploitdb WORKING POC VERIFIED
by KiNgOfThEwOrLd · text · webapps · php
https://www.exploit-db.com/exploits/4864

Classification: Working PoC (90%)
Attack Type: RCE | SQLi
Complexity: Trivial
Reliability: Reliable
Target: Zero CMS <= 1.0 Alpha
Auth required
Prerequisites: Access to user account for avatar upload · Network access to target
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4864

Scores

EPSS 0.0221
EPSS Percentile 80.3%

Details

CWE: CWE-264
Status: published
Products (1): zero_cms/zero_cms 1.0_alpha
Published: Jan 11, 2008
Tracked Since: Feb 18, 2026