CVE-2008-6002

web-cp 0.5.7 - Path Traversal via sendfile.php filelocation Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6002. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup describing a remote file disclosure vulnerability in webcp 0.5.7. The vulnerability allows an attacker to read arbitrary files by manipulating the 'filelocation' parameter in sendfile.php.

Description

Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by GoLd_M · textwebappsphp
https://www.exploit-db.com/exploits/6556

This is a writeup describing a remote file disclosure vulnerability in webcp 0.5.7. The vulnerability allows an attacker to read arbitrary files by manipulating the 'filelocation' parameter in sendfile.php.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: webcp 0.5.7
No auth needed
Prerequisites: Access to the sendfile.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45408
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31979
Various Sources x_refsource_confirm
http://www.web-cp.net/mantis/changelog_page.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31371
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6556

Scores

EPSS 0.0219
EPSS Percentile 80.1%

Details

CWE
CWE-22
Status published
Products (1)
web-cp/web-cp 0.5.7
Published Jan 28, 2009
Tracked Since Feb 18, 2026