CVE-2009-1368

moziloCMS 1.11 - Path Traversal via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1368. PoCs published by SirGod.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in moziloCMS 1.11, including Local File Inclusion (LFI), Cross-Site Scripting (XSS), and Path Disclosure. The PoCs provide direct URLs to exploit these vulnerabilities without requiring authentication.

Description

Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SirGod · textwebappsphp
https://www.exploit-db.com/exploits/8394

The exploit demonstrates multiple vulnerabilities in moziloCMS 1.11, including Local File Inclusion (LFI), Cross-Site Scripting (XSS), and Path Disclosure. The PoCs provide direct URLs to exploit these vulnerabilities without requiring authentication.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: moziloCMS 1.11
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8394
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34474
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49813

Scores

EPSS 0.0616
EPSS Percentile 92.5%

Details

CWE
CWE-22
Status published
Products (1)
mozilo/mozilocms 1.11
Published Apr 22, 2009
Tracked Since Feb 18, 2026