CVE-2008-1606

Elastic Path <4.1-4.1.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1606. PoCs published by Daniel Martin Gomez.

AI-analyzed exploit summary: The provided text describes multiple input-validation vulnerabilities in Elastic Path, including local file inclusion, arbitrary file upload, and directory traversal. It includes a proof-of-concept URL for directory traversal but lacks executable exploit code.

Description

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Daniel Martin Gomez · text · webapps · jsp
https://www.exploit-db.com/exploits/31445

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Elastic Path 4.1, 4.1.1
Auth required
Prerequisites: Authenticated access to the application
mistral-large-3 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Daniel Martin Gomez · text · webapps · jsp
https://www.exploit-db.com/exploits/31446

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Elastic Path 4.1 and 4.1.1
Auth required
Prerequisites: Authenticated access to the application
mistral-large-3 · analyzed Feb 16, 2026

References (7)

Core References
Various Sources x_refsource_misc
http://weblog.nomejortu.com/?p=37
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28352
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41356
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41364
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29496

Scores

EPSS 0.0214
EPSS Percentile 79.8%

Details

CWE: CWE-22
Status: published
Products (2):
elastic_path/elastic_path 4.1
elastic_path/elastic_path 4.1.1
Published: Apr 01, 2008
Tracked Since: Feb 18, 2026