CVE-2008-0466

Web Wiz Rich Text Editor 4.0, Forums 9.07, Newspad 1.02 - Unauthenticated Directory Listing & File Read

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0466. PoCs published by BugReport.IR.

AI-analyzed exploit summary The advisory details a directory traversal vulnerability in Web Wiz Rich Text Editor 4.0, allowing unauthenticated attackers to list directories and create HTML/HTM files on the server via the 'FolderName' parameter in 'RTE_file_browser.asp'. It includes proof-of-concept URLs and mitigation steps.

Description

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

Exploits (2)

exploitdb WRITEUP VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/4971

The advisory details a directory traversal vulnerability in Web Wiz Rich Text Editor 4.0, allowing unauthenticated attackers to list directories and create HTML/HTM files on the server via the 'FolderName' parameter in 'RTE_file_browser.asp'. It includes proof-of-concept URLs and mitigation steps.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Web Wiz Rich Text Editor 4.0
No auth needed
Prerequisites: Access to the vulnerable 'RTE_file_browser.asp' endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/4970

This is a writeup describing a directory traversal vulnerability in Web Wiz Forums 9.07. The vulnerability allows unauthenticated attackers to list directories and files via the 'FolderName' parameter in 'RTE_file_browser.asp' and 'file_browser.asp'.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Web Wiz Forums 9.07
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486868/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4970
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4971
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27419
Various Sources x_refsource_misc
http://www.bugreport.ir/?/29
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3584
Various Sources x_refsource_misc
http://www.bugreport.ir/?/31
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019267
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486866/100/0/threaded

Scores

EPSS 0.0493
EPSS Percentile 91.0%

Details

CWE
CWE-287
Status published
Products (3)
webwiz/web_wiz_forums 9.07
webwiz/web_wiz_newspad 1.02
webwiz/web_wiz_rich_text_editor 4.0
Published Jan 29, 2008
Tracked Since Feb 18, 2026