CVE-2008-2782

OtomiGenX 2.2 - Directory Traversal and Arbitrary File Execution via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2782. PoCs published by Saime.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in OtomigenX v2.2, allowing an attacker to read arbitrary files (e.g., /etc/passwd) by manipulating the 'lang' parameter in rss.php or library_rss.php.

Description

Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Saime · textwebappsphp

https://www.exploit-db.com/exploits/5680

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in OtomigenX v2.2, allowing an attacker to read arbitrary files (e.g., /etc/passwd) by manipulating the 'lang' parameter in rss.php or library_rss.php.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OtomigenX v2.2

No auth needed

Prerequisites: Access to the vulnerable web application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5680

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1678/references

Product x_refsource_confirm

http://sourceforge.net/forum/forum.php?forum_id=834373

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42665

Scores

EPSS 0.0242

EPSS Percentile 82.0%

Details

CWE

CWE-200 CWE-22

Status published

Products (1)

otomigenx/otomigenx 2.2

Published Jun 19, 2008

Tracked Since Feb 18, 2026