Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-3313. PoCs published by Ciph3r.
AI-analyzed exploit summary
This exploit demonstrates a remote file inclusion vulnerability in CreaCMS by manipulating the 'cfg[base_uri_admin]' parameter to include a remote PHP shell. The vulnerability arises from insufficient sanitization of user-supplied input.
Description
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (2)
This exploit demonstrates a remote file inclusion vulnerability in CreaCMS by manipulating the 'cfg[base_uri_admin]' parameter to include a remote PHP shell. The vulnerability arises from insufficient sanitization of user-supplied input.
This exploit demonstrates a remote file inclusion vulnerability in CreaCMS by injecting a malicious URL into the 'cfg[document_uri]' parameter, allowing arbitrary code execution. The PoC is straightforward and leverages a common LFI/RFI technique.