CVE-2008-2186

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2186. PoCs published by BugReport.IR, Hadi Kiamarsi.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in ChiCoMaS CMS, including database information disclosure, unauthorized access to backups, and reflected XSS. No exploit code is provided, only PoC URLs.

Description

Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/7532

View Code ZIP pw:eip

This is a vulnerability writeup detailing multiple issues in ChiCoMaS CMS, including database information disclosure, unauthorized access to backups, and reflected XSS. No exploit code is provided, only PoC URLs.

Classification

Writeup 100%

Attack Type

Info Leak | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: ChiCoMaS CMS <= 2.0.4

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1083 - File and Directory Discovery T1592 - Gather Victim Host Information T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hadi Kiamarsi · textwebappsphp

https://www.exploit-db.com/exploits/31727

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in ChiCoMaS 2.0.4 by injecting malicious JavaScript via the 'q' parameter in the URL. The PoC shows how an attacker can execute arbitrary script code in the context of the affected site.