Description
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by StAkeR · pythonwebappsphp
https://www.exploit-db.com/exploits/5758
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5758
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29595
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42923
Scores
EPSS
0.0330
EPSS Percentile
87.3%
Details
CWE
CWE-22
Status
published
Products (1)
gwm/galatolo_webmanager
1.0
Published
Jun 13, 2008
Tracked Since
Feb 18, 2026