CVE-2009-0529

SnippetMaster Webpage Editor 2.2.2 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0529. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary: The exploit demonstrates a Remote File Include (RFI) vulnerability in SnippetMaster Webpage Editor 2.2.2 by manipulating the `_SESSION[SCRIPT_PATH]` and `g_pcltar_lib_dir` parameters to include arbitrary remote files. It also includes a Remote XSS exploit via POST method injection in the language option.

Description

Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by RoMaNcYxHaCkEr · text · webapps · php
https://www.exploit-db.com/exploits/8017


Classification: Working PoC 90%
Attack Type: RCE | XSS
Complexity: Trivial
Reliability: Reliable
Target: SnippetMaster Webpage Editor 2.2.2
No auth needed
Prerequisites: Remote file hosting for RFI payload · Victim interaction for XSS
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8017
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33865
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33705

Scores

EPSS 0.0148
EPSS Percentile 70.6%

Details

CWE: CWE-79
Status: published
Products (1)
electrictoad/snippetmaster_webpage_editor 2.2.2
Published Feb 11, 2009
Tracked Since Feb 18, 2026