Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2177. PoCs published by StAkeR.
AI-analyzed exploit summary
The exploit demonstrates multiple local file inclusion (LFI) and local file corruption (LFC) vulnerabilities in FuzzyLime CMS <= 3.03a. It leverages insecure variable extraction and path traversal to include arbitrary files or overwrite cache files.
Description
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
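The collapse described above is what a single, non-recursive removal of "../" produces. The following is an added example, not fuzzylime's code: `strip_once` is a hypothetical stand-in for such a filter, and `resolve_section`, the `content` directory and the `.txt` suffix are assumptions used to show an allowlist-plus-containment check in its place.

```php
<?php
declare(strict_types=1);

// Assumed single-pass filter (hypothetical stand-in, not fuzzylime's source).
function strip_once(string $s): string
{
    return str_replace('../', '', $s);
}

// Hardened alternative: allowlist the name, then verify containment.
function resolve_section(string $baseDir, string $s): ?string
{
    // Reject anything that is not a plain name: no dots, slashes or NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $s) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $s . '.txt';
    // For an existing file, resolve symlinks and re-check the prefix.
    if (file_exists($path)) {
        $real = realpath($path);
        if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            return null;
        }
        return $real;
    }
    return $path; // new file: the name is already free of separators and dots
}

// Constructed demo data in a throwaway directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/content', 0700, true);
file_put_contents($root . '/content/news.txt', 'ok');

// Constructed inputs: a normal name, a plain traversal, and the value from the description.
foreach (['news', '../config', '....//config'] as $s) {
    $filtered = strip_once($s);
    $resolved = resolve_section($root . '/content', $s);
    printf("%-14s strip_once => %-10s hardened => %s\n",
        $s, $filtered, $resolved === null ? 'rejected' : 'accepted');
}

// Remove the demo files.
unlink($root . '/content/news.txt');
rmdir($root . '/content');
rmdir($root);
```

The single pass turns `....//config` into `../config`, while the hardened resolver rejects both traversal inputs before any path is built.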
Exploits (1)
The exploit demonstrates multiple local file inclusion (LFI) and local file corruption (LFC) vulnerabilities in FuzzyLime CMS <= 3.03a. It leverages insecure variable extraction and path traversal to include arbitrary files or overwrite cache files.