CVE-2008-0814
TRUC 0.11.0 - Path Traversal via download.php upload_filename Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0814. PoCs published by GoLd_M.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in TRUC 0.11.0's download.php, allowing remote attackers to read arbitrary files by manipulating the upload_filename parameter. The PoC includes examples for accessing sensitive files like config_inc.php and /etc/passwd.
Description
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
Exploits (1)
This exploit demonstrates a directory traversal vulnerability in TRUC 0.11.0's download.php, allowing remote attackers to read arbitrary files by manipulating the upload_filename parameter. The PoC includes examples for accessing sensitive files like config_inc.php and /etc/passwd.