CVE-2009-2176

fuzzylime_cms <= 3.03a - Remote File Inclusion via Directory Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2176. PoCs published by StAkeR.

AI-analyzed exploit summary The exploit demonstrates multiple local file inclusion (LFI) and local file corruption (LFC) vulnerabilities in FuzzyLime CMS <= 3.03a. It leverages insecure variable extraction and path traversal to include arbitrary files or overwrite cache files.

Description

Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/8978

View Code ZIP pw:eip

The exploit demonstrates multiple local file inclusion (LFI) and local file corruption (LFC) vulnerabilities in FuzzyLime CMS <= 3.03a. It leverages insecure variable extraction and path traversal to include arbitrary files or overwrite cache files.

Classification

Working Poc 95%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: FuzzyLime CMS <= 3.03a

No auth needed

Prerequisites: Target running FuzzyLime CMS <= 3.03a · Network access to the target

MITRE ATT&CK