CVE-2008-1169

SCI Photo Chat Server <3.4.9 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1169. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in SCI Photo Chat 3.4.9 and prior versions. By manipulating the URL path, an attacker can access sensitive files like boot.ini outside the intended directory.

Description

Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/31231

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in SCI Photo Chat 3.4.9 and prior versions. By manipulating the URL path, an attacker can access sensitive files like boot.ini outside the intended directory.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SCI Photo Chat 3.4.9 and prior

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0614

Third Party Advisory x_refsource_misc

http://aluigi.altervista.org/adv/scichatdt-adv.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/40655

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27872

Scores

EPSS 0.0282

EPSS Percentile 84.7%

Details

CWE

CWE-22

Status published

Products (1)

simm-comm/sci_photo_chat < 3.4.9

Published Mar 05, 2008

Tracked Since Feb 18, 2026