CVE-2008-2081

Siteman 2.0.x2 - Authenticated Path Traversal via Module Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2081. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Siteman 2.X, including XSS, LFI, and code execution. It provides step-by-step instructions for exploitation but does not include actual exploit code.

Description

Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Khashayar Fereidani · textwebappsphp
https://www.exploit-db.com/exploits/5499

This is a writeup detailing multiple vulnerabilities in Siteman 2.X, including XSS, LFI, and code execution. It provides step-by-step instructions for exploitation but does not include actual exploit code.

Classification
Writeup 90%
Attack Type
Xss | Lfi | Rce
Complexity
Moderate
Reliability
Theoretical
Target: Siteman 2.X
Auth required
Prerequisites: Admin credentials for code execution and LFI · Access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28943
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42022
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5499
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42021

Scores

EPSS 0.0304
EPSS Percentile 85.8%

Details

CWE
CWE-22
Status published
Products (1)
siteman/siteman 2.0
Published May 05, 2008
Tracked Since Feb 18, 2026