CVE-2008-2680

Realm CMS < 2.3 - Cross-Site Scripting via CmpctedDB or Boyut Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2680. PoCs published by BugReport.IR.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Realm CMS 2.3 and prior, including broken authentication via cookie manipulation, SQL injection in the 'KeyWordsList' function, and XSS/DB path disclosure in '/cms/_db/compact.asp'. It provides specific exploit details and mitigation steps.

Description

Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5766

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Realm CMS 2.3 and prior, including broken authentication via cookie manipulation, SQL injection in the 'KeyWordsList' function, and XSS/DB path disclosure in '/cms/_db/compact.asp'. It provides specific exploit details and mitigation steps.

Classification

Writeup 90%

Attack Type

Auth Bypass | Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Realm CMS 2.3 and prior

No auth needed

Prerequisites: Access to the target application · Ability to manipulate cookies and HTTP requests

MITRE ATT&CK