CVE-2008-1993

acidcat_cms 3.4.1 - Unauthenticated Arbitrary File Upload via FCKEditor

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1993. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Description

Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5478

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Acidcat CMS 3.4.1

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK