CVE-2008-4526

CCMS 3.1 - Path Traversal via Skin Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4526. PoCs published by SirGod.

AI-analyzed exploit summary: This exploit demonstrates multiple Local File Inclusion (LFI) vulnerabilities in CCMS 3.1 by manipulating the 'skin' parameter in various PHP scripts. The PoC uses null byte termination to bypass file extension checks and access arbitrary files on the target system.

Description

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by SirGod · text · webapps · php
https://www.exploit-db.com/exploits/6663

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CCMS 3.1
No auth needed
Prerequisites: Target running CCMS 3.1 with vulnerable PHP configuration (e.g., magic_quotes_gpc disabled)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6663
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31566
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4387

Scores

EPSS 0.0346
EPSS Percentile 87.5%

Details

CWE: CWE-22
Status: published
Products (1): customcms/ccms 3.1
Published: Oct 09, 2008
Tracked Since: Feb 18, 2026