CVE-2008-3180

ContentNow CMS 1.4.1 - Cross-Site Scripting via pageid Parameter or PATH_INFO

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3180. PoCs published by CWH Underground.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability and a reflected XSS vulnerability in ContentNow CMS 1.4.1. The file upload allows attackers to upload malicious files directly to the server, while the XSS can be triggered via crafted URLs.

Description

Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/6011

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability and a reflected XSS vulnerability in ContentNow CMS 1.4.1. The file upload allows attackers to upload malicious files directly to the server, while the XSS can be triggered via crafted URLs.

Classification

Working Poc 90%

Attack Type

Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: ContentNow CMS 1.4.1

Auth required

Prerequisites: Valid user credentials for the CMS · Access to the upload.php endpoint

MITRE ATT&CK