CVE-2008-0458
SLAED CMS 2.5 Lite - Remote File Inclusion via newlang Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0458. PoCs published by The_HuliGun.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in SLAED CMS 2.5 Lite due to improper filtering of the 'newlang' parameter. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'newlang' parameter in the URL.
Description
Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
Exploits (1)
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in SLAED CMS 2.5 Lite due to improper filtering of the 'newlang' parameter. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'newlang' parameter in the URL.