CVE-2008-2820

Open Azimyt CMS 0.21-0.22 - Path Traversal via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2820. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in Open Azimyt CMS versions 0.22 minimal and 0.21 stable. The vulnerability allows an attacker to include arbitrary files via the 'lang' parameter in lang-system.php due to improper input validation.

Description

Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/5831

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in Open Azimyt CMS versions 0.22 minimal and 0.21 stable. The vulnerability allows an attacker to include arbitrary files via the 'lang' parameter in lang-system.php due to improper input validation.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Open Azimyt CMS 0.22 minimal, 0.21 stable

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK