CVE-2009-0852

CelerBB 0.0.2 - Exposure of Sensitive Information via User Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0852. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in CelerBB 0.0.2, including SQL injection, information disclosure, and authentication bypass. It provides functional proof-of-concept code for each vulnerability, with specific payloads and attack vectors.

Description

showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserved information" via the user parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/8161

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in CelerBB 0.0.2, including SQL injection, information disclosure, and authentication bypass. It provides functional proof-of-concept code for each vulnerability, with specific payloads and attack vectors.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CelerBB 0.0.2

No auth needed

Prerequisites: magic_quotes_gpc = off

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34014

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8161

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/501481/100/0/threaded

Scores

EPSS 0.0268

EPSS Percentile 83.9%

Details

CWE

CWE-200

Status published

Products (1)

stewart_howe/celerbb 0.0.2

Published Mar 09, 2009

Tracked Since Feb 18, 2026