CVE-2008-5818

eDreamers eDContainer <2.22 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5818. PoCs published by GoLd_M.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in eDContainer v2.22. The vulnerability arises from improper handling of the 'lg' parameter in index.php, allowing directory traversal to include arbitrary files.

Description

Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/7604

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in eDContainer v2.22. The vulnerability arises from improper handling of the 'lg' parameter in index.php, allowing directory traversal to include arbitrary files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: eDContainer v2.22

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK