CVE-2009-0371

SiteXS CMS <= 0.1.1 - Path Traversal via Type Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0371. PoCs published by darkjoker.

AI-analyzed exploit summary: This exploit targets a Local File Inclusion (LFI) vulnerability in SiteXS <= 0.1.1 by sending a crafted POST request to 'post.php' with a manipulated 'type' parameter. The exploit uses directory traversal sequences to access arbitrary files on the server.

Description

Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by darkjoker · perl · webapps · php
https://www.exploit-db.com/exploits/7879

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SiteXS <= 0.1.1
No auth needed
Prerequisites: Network access to the target web server · SiteXS <= 0.1.1 installed and running
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33457
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7879
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48236
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0247

Scores

EPSS 0.0188
EPSS Percentile 76.8%

Details

CWE CWE-22
Status published
Products (2)
sitexs_cms/sitexs_cms 0.1 pre-alpha
sitexs_cms/sitexs_cms < 0.1.1
Published Jan 30, 2009
Tracked Since Feb 18, 2026