CVE-2008-6126

MoziloCMS <1.10.2 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/8394

View Code ZIP pw:eip

References (5)

[Various Sources] http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog

[Vendor Advisory] http://secunia.com/advisories/32021

[Various Sources] http://www.majorsecurity.de/index_2.php?major_rls=major_rls55

[Patch] http://www.securityfocus.com/bid/31495

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45524

Scores

EPSS 0.0246

EPSS Percentile 85.3%

Details

CWE

CWE-22

Status published

Products (20)

mozilo/mozilocms 1.0

mozilo/mozilocms 1.1

mozilo/mozilocms 1.1.1

mozilo/mozilocms 1.2

mozilo/mozilocms 1.3

mozilo/mozilocms 1.3.1

mozilo/mozilocms 1.4

mozilo/mozilocms 1.5

mozilo/mozilocms 1.6

mozilo/mozilocms 1.6.1

... and 10 more

Published Feb 13, 2009

Tracked Since Feb 18, 2026