CVE-2009-1368

Mozilocms - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/8394

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog

[Exploit] http://www.securityfocus.com/bid/34474

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49813

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8394

Scores

EPSS 0.0271

EPSS Percentile 85.7%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

mozilo/mozilocms

Timeline

Published Apr 22, 2009

Tracked Since Feb 18, 2026