CVE-2008-5862

webcamXP <5.3.2.410 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5862. PoCs published by nicx0, K3ysTr0K3R.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability by using URL-encoded sequences to access sensitive system files like 'sam' and 'boot.ini'. The attack leverages improper path sanitization to traverse outside the web root directory.

Description

Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.

Exploits (2)

exploitdb WORKING POC VERIFIED
by nicx0 · textremotewindows
https://www.exploit-db.com/exploits/7521

This exploit demonstrates a directory traversal vulnerability by using URL-encoded sequences to access sensitive system files like 'sam' and 'boot.ini'. The attack leverages improper path sanitization to traverse outside the web root directory.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Unknown web server (likely IIS or similar)
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2008-5862-EXPLOIT

The repository contains a functional exploit for CVE-2008-5862, a directory traversal vulnerability in webcamXP versions 5.3.2.375 and 5.3.2.410. The exploit uses encoded dot-dot-slash sequences to traverse directories and read arbitrary files like boot.ini and sam.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: webcamXP 5.3.2.375 and 5.3.2.410
No auth needed
Prerequisites: Target running vulnerable version of webcamXP · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021484
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4877
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32928
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33257
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7521
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47492

Scores

EPSS 0.0591
EPSS Percentile 92.3%

Details

CWE
CWE-22
Status published
Products (2)
webcamxp/webcamxp 5.3.2.375
webcamxp/webcamxp 5.3.2.410
Published Jan 06, 2009
Tracked Since Feb 18, 2026