CVE-2008-4526

Customcms Ccms - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6663

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6663

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31566

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4387

Scores

EPSS 0.0384

EPSS Percentile 88.2%

Details

CWE

CWE-22

Status published

Products (1)

customcms/ccms 3.1

Published Oct 09, 2008

Tracked Since Feb 18, 2026