CVE-2008-5856

ClaSS < 0.8.60 - Path Traversal via ftype Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5856. PoCs published by fuzion.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in ClaSS <=0.8.60, allowing unauthorized file disclosure/download via the export.php script. The exploit requires specific PHP configurations (magic_quotes_gpc=Off, register_globals=On).

Description

Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by fuzion · textwebappsphp
https://www.exploit-db.com/exploits/7579

This is a writeup describing a directory traversal vulnerability in ClaSS <=0.8.60, allowing unauthorized file disclosure/download via the export.php script. The exploit requires specific PHP configurations (magic_quotes_gpc=Off, register_globals=On).

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ClaSS <=0.8.60
No auth needed
Prerequisites: magic_quotes_gpc=Off · register_globals=On
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7579
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33222
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47493
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50807
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32929

Scores

EPSS 0.0801
EPSS Percentile 94.0%

Details

CWE
CWE-22
Status published
Products (25)
class/class 0.4 beta
class/class 0.4.0
class/class 0.4.1
class/class 0.4.2
class/class 0.5.0
class/class 0.5.1
class/class 0.5.2
class/class 0.6.0
class/class 0.6.1
class/class 0.8 rc2
... and 15 more
Published Jan 06, 2009
Tracked Since Feb 18, 2026