CVE-2008-6734

Keller Web Admin CMS 0.94 Pro - Path Traversal via Action Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6734. PoCs published by StAkeR, CWH Underground.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Keller Web Admin by manipulating the 'action' parameter to read arbitrary files (e.g., /etc/passwd). The PoC provides a direct URL for exploitation.

Description

Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by StAkeR · textwebappsphp
https://www.exploit-db.com/exploits/5956

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Keller Web Admin by manipulating the 'action' parameter to read arbitrary files (e.g., /etc/passwd). The PoC provides a direct URL for exploitation.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Keller Web Admin <= 0.94_pro
No auth needed
Prerequisites: Target application must be accessible · LFI vulnerability must be present
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/5940

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Keller Web Admin CMS 0.94 Pro. The vulnerability arises from unsanitized user input in the 'action' parameter, allowing arbitrary file inclusion via directory traversal sequences.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Keller Web Admin CMS 0.94 Pro
No auth needed
Prerequisites: Target must be running Keller Web Admin CMS 0.94 Pro · Public/index.php must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43373
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5940
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29971
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5956

Scores

EPSS 0.0296
EPSS Percentile 85.4%

Details

CWE
CWE-22
Status published
Products (1)
keller_web_admin/kwa 0.94
Published Apr 21, 2009
Tracked Since Feb 18, 2026