CVE-2008-5729

AIST NetCat <= 3.12 - Cross-Site Scripting via FCKeditor Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5729. PoCs published by s4avrd0w.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in NetCat CMS <= 3.12, including file inclusion, SQL injection, XSS, HTTP response splitting, and CRLF injection. It provides specific examples of vulnerable endpoints and required PHP configurations.

Description

Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by s4avrd0w · textwebappsphp
https://www.exploit-db.com/exploits/7560

This is a technical writeup detailing multiple vulnerabilities in NetCat CMS <= 3.12, including file inclusion, SQL injection, XSS, HTTP response splitting, and CRLF injection. It provides specific examples of vulnerable endpoints and required PHP configurations.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: NetCat CMS <= 3.12
No auth needed
Prerequisites: PHP register_globals=On · PHP magic_quotes_gpc=Off
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47577
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4819
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7560
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32992

Scores

EPSS 0.0144
EPSS Percentile 69.8%

Details

CWE
CWE-79
Status published
Products (8)
netcat/netcat 1.1
netcat/netcat 2.0
netcat/netcat 2.1
netcat/netcat 2.2
netcat/netcat 2.3
netcat/netcat 2.4
netcat/netcat 3.0
netcat/netcat < 3.12
Published Dec 26, 2008
Tracked Since Feb 18, 2026