Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3128. PoCs published by Nine:Situations:Group.
AI-analyzed exploit summary
This exploit leverages a directory traversal vulnerability in Pivot 1.40.5's load_template() function to disclose admin credentials stored in pv_cfg_settings.php. The 't' parameter is passed unsanitized to the file() function, allowing arbitrary file reads.
Description
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
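The flaw class described here (a request parameter reaching file() without validation) is closed by allowlisting the template name and checking that the canonical path stays inside the template directory. The sketch below is an added example, not Pivot's source or its actual fix; the function names, the directory layout and the ".html" extension are assumptions, and the demo files are constructed.

```php
<?php
// Added illustration; not Pivot's code. Names and layout are hypothetical.

// Pattern the entry describes: request value joined into a path, then file().
function load_template_unsafe(string $baseDir, string $t)
{
    return file($baseDir . '/' . $t);   // ".." segments in $t leave $baseDir
}

// Hardened form: allowlist the name, then verify containment after canonicalisation.
function load_template_safe(string $baseDir, string $t): array
{
    // 1. Template names are plain identifiers: no separators, dots or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $t)) {
        throw new InvalidArgumentException('invalid template name');
    }
    // 2. realpath() resolves ".." and symlinks; it returns false if the path is missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $t . '.html');
    if ($base === false || $path === false) {
        throw new RuntimeException('template not found');
    }
    // 3. Compare with a trailing separator so "/templates_old" cannot pass for "/templates".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template outside base directory');
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false) {
        throw new RuntimeException('template unreadable');
    }
    return $lines;
}

// Constructed demo: one template, plus a settings file outside the template directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/search.html', "<h1>results</h1>\n");
file_put_contents($root . '/settings.php', "secret\n");

foreach (['search', '../settings.php', '..%2fsettings', "search\0"] as $t) {
    try {
        load_template_safe($root . '/templates', $t);
        echo json_encode($t), " => served\n";
    } catch (Exception $e) {
        echo json_encode($t), " => rejected: ", $e->getMessage(), "\n";
    }
}
```

The containment check in step 3 also catches a symlink placed inside the template directory that points elsewhere, which the name allowlist alone would not.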