CVE-2008-3164

fuzzylime CMS <3.01 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Cod3rZ · perlwebappsphp
https://www.exploit-db.com/exploits/6016
exploitdb WORKING POC VERIFIED
by Cod3rZ · perlwebappsphp
https://www.exploit-db.com/exploits/32016

References (7)

Scores

EPSS 0.1246
EPSS Percentile 93.9%

Details

CWE
CWE-22
Status published
Products (1)
fuzzylime/fuzzylime_cms 3.01
Published Jul 14, 2008
Tracked Since Feb 18, 2026