CVE-2008-1409

Exero CMS 1.0.1 - Path Traversal via Theme Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1409. PoCs published by GoLd_M.

AI-analyzed exploit summary This exploit demonstrates multiple Local File Inclusion (LFI) vulnerabilities in Exero CMS 1.0.1 by manipulating the 'theme' parameter with a null byte (%00) to include arbitrary local files. The PoC lists specific endpoints where the vulnerability can be triggered.

Description

Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by GoLd_M · textwebappsphp
https://www.exploit-db.com/exploits/5265

This exploit demonstrates multiple Local File Inclusion (LFI) vulnerabilities in Exero CMS 1.0.1 by manipulating the 'theme' parameter with a null byte (%00) to include arbitrary local files. The PoC lists specific endpoints where the vulnerability can be triggered.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Exero CMS 1.0.1
No auth needed
Prerequisites: Access to the vulnerable Exero CMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0909/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28273
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41238
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5265

Scores

EPSS 0.0242
EPSS Percentile 82.0%

Details

CWE
CWE-22
Status published
Products (1)
exero/exero_cms 1.0.1
Published Mar 20, 2008
Tracked Since Feb 18, 2026