CVE-2008-3165

fuzzylime_cms < 3.01 - Path Traversal via RSS p Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3165. PoCs published by Ams.

AI-analyzed exploit summary This exploit targets a file inclusion and code execution vulnerability in fuzzylime CMS 3.0.1 via the rss.php script. It injects a base64-encoded PHP shell into a file and verifies its presence.

Description

Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ams · perlwebappsphp

https://www.exploit-db.com/exploits/6009

View Code ZIP pw:eip

This exploit targets a file inclusion and code execution vulnerability in fuzzylime CMS 3.0.1 via the rss.php script. It injects a base64-encoded PHP shell into a file and verifies its presence.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: fuzzylime CMS 3.0.1

No auth needed

Prerequisites: magic_quotes_gpc=off · network access to target

MITRE ATT&CK