CVE-2008-5965

LokiCMS <= 0.3.4 - Path Traversal via Page Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5965. PoCs published by JosS.

AI-analyzed exploit summary: This exploit checks for the existence of arbitrary files on a server running LokiCMS <= 0.3.4 by leveraging a path traversal vulnerability in the 'page' parameter of index.php. It sends an HTTP request and analyzes the response to determine if the file exists.

Description

Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.

Exploits (1)

exploitdb SCANNER VERIFIED
by JosS · text · webapps · php
https://www.exploit-db.com/exploits/6737

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: LokiCMS <= 0.3.4
No auth needed
Prerequisites: Target server running LokiCMS <= 0.3.4 · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6737
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2798
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31730
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30472
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45822

Scores

EPSS 0.0642
EPSS Percentile 92.8%

Details

CWE
CWE-22
Status published
Products (9)
lokicms/lokicms 0.1.0
lokicms/lokicms 0.1.0rc1
lokicms/lokicms 0.2.0
lokicms/lokicms 0.3.0
lokicms/lokicms 0.3.1b1
lokicms/lokicms 0.3.1b2
lokicms/lokicms 0.3.2b1
lokicms/lokicms 0.3.3
lokicms/lokicms < 0.3.4
Published Jan 26, 2009
Tracked Since Feb 18, 2026