CVE-2008-6834

fuzzylime (cms) 3.01 and 3.01a - Path Traversal via commupdate.php s Parameter or newsheads.php heads Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6834. PoCs published by Cod3rZ.

AI-analyzed exploit summary: This exploit targets Fuzzylime CMS 3.01 via Local File Inclusion (LFI) and Remote Code Execution (RCE) by injecting PHP code into logs and accessing it through vulnerable parameters. It uses LWP::UserAgent to send HTTP requests and verify successful exploitation.

Description

Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Cod3rZ · perl · webapps · php
https://www.exploit-db.com/exploits/6016

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Fuzzylime CMS 3.01
No auth needed
Prerequisites: Access to the target web application · Knowledge of log file paths
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6016

Scores

EPSS 0.0404
EPSS Percentile 89.3%

Details

CWE: CWE-22
Status: published
Products (2):
fuzzylime/fuzzylime_\(cms\) 3.0.1
fuzzylime/fuzzylime_\(cms\) 3.0.1a
Published: Jun 22, 2009
Tracked Since: Feb 18, 2026