CVE-2008-0615

DMSGuestbook 1.7.0-1.8.0 - Authenticated Path Traversal via Folder and File Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0615. PoCs published by NBBN.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in WordPress Plugin dmsguestbook 1.7.0, including file disclosure, XSS, and SQL injection. It provides specific exploit URLs, vulnerable code snippets, and attack vectors.

Description

Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by NBBN · textwebappsphp

https://www.exploit-db.com/exploits/5035

View Code ZIP pw:eip

This is a technical writeup detailing multiple vulnerabilities in WordPress Plugin dmsguestbook 1.7.0, including file disclosure, XSS, and SQL injection. It provides specific exploit URLs, vulnerable code snippets, and attack vectors.

Classification

Writeup 95%

Attack Type

Info Leak | Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin dmsguestbook 1.7.0

Auth required

Prerequisites: Admin access to WordPress · Plugin installed and activated

MITRE ATT&CK