CVE-2008-3926

CMME 1.12 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3926. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in CMME 1.12, including Local File Inclusion (LFI), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and unauthorized directory creation. The PoC provides clear examples and live demos for each vulnerability.

Description

Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6313

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in CMME 1.12, including Local File Inclusion (LFI), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and unauthorized directory creation. The PoC provides clear examples and live demos for each vulnerability.

Classification

Working Poc 90%

Attack Type

Lfi | Xss | Csrf | Other

Complexity

Trivial

Reliability

Reliable

Target: CMME 1.12

No auth needed

Prerequisites: magic_quotes_gpc must be off for LFI · Target must be running CMME 1.12

MITRE ATT&CK