CVE-2008-6833

fuzzylime_cms - Path Traversal via commsrss.php files Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6833. PoCs published by Charles Fol.

AI-analyzed exploit summary: This exploit leverages a file inclusion vulnerability in Fuzzylime CMS 3.01 via the `commsrss.php` script, which uses `extract()` to simulate `register_globals=On`. It then writes malicious PHP code to a counter file, achieving remote code execution without requiring specific PHP configurations.

Description

Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Charles Fol · php · webapps · php
https://www.exploit-db.com/exploits/6060

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fuzzylime CMS 3.01
Authentication: No auth needed
Prerequisites: Target must be running Fuzzylime CMS 3.01 · PHP must be configured with `allow_url_include` or similar settings enabling file operations
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43941
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6060
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/49873
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30930

Scores

EPSS 0.0856
EPSS Percentile 94.4%

Details

CWE: CWE-22
Status: published
Products (3)
fuzzylime/fuzzylime_(cms) 3.0
fuzzylime/fuzzylime_(cms) 3.0.1
fuzzylime/fuzzylime_(cms) 3.0.1a
Published Jun 22, 2009
Tracked Since Feb 18, 2026