CVE-2008-1962

Aterr 0.9.1 - Path Traversal via Class or File Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1962. PoCs published by KnocKout.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in Atter 0.9.1. It provides URLs to exploit the vulnerability but does not include functional exploit code.

Description

Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) class parameter to include/functions.inc.php and the (2) file parameter to include/common.inc.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by KnocKout · textwebappsphp
https://www.exploit-db.com/exploits/5474

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Atter 0.9.1. It provides URLs to exploit the vulnerability but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Atter 0.9.1
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41903
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5474
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28861

Scores

EPSS 0.0185
EPSS Percentile 76.3%

Details

CWE
CWE-22
Status published
Products (1)
chimaera/aterr 0.9.1
Published Apr 25, 2008
Tracked Since Feb 18, 2026