CVE-2008-2483

Xomol CMS 1.20071213 - Path Traversal via 'op' Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2483. PoCs published by DNX.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass via SQL injection and a local file inclusion (LFI) vulnerability in Xomol CMS v1. The SQLi bypass requires magic_quotes_gpc to be off, while the LFI allows arbitrary file reading via path traversal.

Description

Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DNX · textwebappsphp
https://www.exploit-db.com/exploits/5673

This exploit demonstrates an authentication bypass via SQL injection and a local file inclusion (LFI) vulnerability in Xomol CMS v1. The SQLi bypass requires magic_quotes_gpc to be off, while the LFI allows arbitrary file reading via path traversal.

Classification
Working Poc 95%
Attack Type
Sqli | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Xomol CMS v1
No auth needed
Prerequisites: magic_quotes_gpc = off for SQLi bypass · access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29359
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5673
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1644/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42632
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30374

Scores

EPSS 0.0192
EPSS Percentile 77.2%

Details

CWE
CWE-22
Status published
Products (1)
xomol/xomol_cms 1.20071213
Published May 28, 2008
Tracked Since Feb 18, 2026