CVE-2008-0812
BanPro net_banpro_dms 1.0 - Path Traversal via DMS/index.php Action Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0812. PoCs published by muuratsalo.
AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in BanPro DMS 1.0 via directory traversal. The attacker can read arbitrary files by manipulating the 'action' parameter in the URL.
Description
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by muuratsalo · textwebappsphp
https://www.exploit-db.com/exploits/31217
This exploit demonstrates a local file inclusion vulnerability in BanPro DMS 1.0 via directory traversal. The attacker can read arbitrary files by manipulating the 'action' parameter in the URL.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
BanPro DMS 1.0
No auth needed
Prerequisites:
Access to the target web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27831
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3666
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28992
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488271/100/0/threaded
Scores
EPSS
0.0229
EPSS Percentile
80.9%
Details
CWE
CWE-22
Status
published
Products (1)
banpro/net_banpro_dms
1.0
Published
Feb 19, 2008
Tracked Since
Feb 18, 2026