CVE-2008-7001

Creator CMS 5.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7001. PoCs published by ThE X-HaCkEr.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Creator CMS 5.0, providing a proof-of-concept URL and SQL payload to extract user credentials. No executable exploit code is included.

Description

Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ThE X-HaCkEr · textwebappsasp

https://www.exploit-db.com/exploits/6405

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Creator CMS 5.0, providing a proof-of-concept URL and SQL payload to extract user credentials. No executable exploit code is included.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Creator CMS 5.0

No auth needed

Prerequisites: Target running Creator CMS 5.0 with vulnerable endpoint exposed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44982

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6405

Scores

EPSS 0.0652

EPSS Percentile 91.2%

Details

Status published

Products (1)

creative_mind/creator_cms 5.0

Published Aug 19, 2009

Tracked Since Feb 18, 2026