CVE-2009-1526

DirectAdmin < 1.33.4 - Unauthenticated Arbitrary File Write via Symlink Attack on Backup Temporary File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1526. PoCs published by anonymous.

AI-analyzed exploit summary This exploit demonstrates a symbolic link attack against DirectAdmin versions prior to 1.33.4, allowing an attacker with local access to overwrite arbitrary files by manipulating temporary file creation. The PoC shows how a symbolic link can be created to redirect a database dump to an arbitrary file, potentially leading to privilege escalation.

Description

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · textlocallinux

https://www.exploit-db.com/exploits/32947

View Code ZIP pw:eip

This exploit demonstrates a symbolic link attack against DirectAdmin versions prior to 1.33.4, allowing an attacker with local access to overwrite arbitrary files by manipulating temporary file creation. The PoC shows how a symbolic link can be created to redirect a database dump to an arbitrary file, potentially leading to privilege escalation.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: DirectAdmin < 1.33.4

No auth needed

Prerequisites: Local access to the target system · Ability to create symbolic links

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/54014

Broken Link mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34861

Vendor Advisory, Release Notes x_refsource_confirm

http://www.directadmin.com/features.php?id=968

Scores

EPSS 0.0047

EPSS Percentile 64.9%

Details

CWE

CWE-59

Status published

Products (1)

directadmin/directadmin < 1.33.4

Published May 05, 2009

Tracked Since Feb 18, 2026