CVE-2008-1992

Acidcat CMS 3.4.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1992. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Description

Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5478

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Acidcat CMS 3.4.1

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK