Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-5860. PoCs published by fuzion.
AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Constructr CMS <= 3.02.5, including directory traversal, source disclosure, arbitrary file creation, and SQL injection. It provides exploit URLs and payloads but lacks executable code.
Description
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
Exploits (1)
This is a writeup detailing multiple vulnerabilities in Constructr CMS <= 3.02.5, including directory traversal, source disclosure, arbitrary file creation, and SQL injection. It provides exploit URLs and payloads but lacks executable code.