CVE-2008-5853

Chilek Content Management System <2.0.4 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5853. PoCs published by BugReport.IR.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in ChiCoMaS CMS, including database information disclosure, unauthorized access to backups, and reflected XSS. No exploit code is provided, only PoC URLs.

Description

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/7532

View Code ZIP pw:eip

This is a vulnerability writeup detailing multiple issues in ChiCoMaS CMS, including database information disclosure, unauthorized access to backups, and reflected XSS. No exploit code is provided, only PoC URLs.

Classification

Writeup 100%

Attack Type

Info Leak | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: ChiCoMaS CMS <= 2.0.4

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK