Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2220. PoCs published by CraCkEr.
AI-analyzed exploit summary: This exploit demonstrates Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerabilities in Tribiq CMS 5.0.12c. It provides URLs that can be manipulated to include arbitrary files or execute malicious scripts.
Description
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894.
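For defenders reviewing web server logs, the following added example (not part of the original entry or of Tribiq CMS) flags requests that reach the four scripts listed above with a directory traversal sequence in the named parameter. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameters named in the CVE-2009-2220 description above.
INCLUDES = "templates/mytribiqsite/tribiq-CL-9000/includes/"
VECTORS = {INCLUDES + name: "template_path"
           for name in ("masthead.inc.php", "toppanel.inc.php", "contact.inc.php")}
VECTORS[INCLUDES + "nlarlist_content.inc.php"] = "use_template_family"
# Assumption: combined-format access log with the request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment, delimited by "/" or "\" or the ends of the value.
TRAVERSAL = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(line):
    """Return (script, parameter, decoded value) for a traversal hit, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    path = decode(url.path).lstrip("/")
    for script, param in VECTORS.items():
        if not path.endswith(script):
            continue
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = decode(raw)
            if key == param and TRAVERSAL.search(value):
                return script, param, value
    return None
# Constructed sample log lines (not from a real server).
PREFIX = '203.0.113.7 - - [12/Jun/2009:10:01:22 +0000] "GET /'
SAMPLE = [
    PREFIX + INCLUDES + 'masthead.inc.php?template_path=../../../../tmp/x HTTP/1.1" 200 512',
    PREFIX + 'cms/' + INCLUDES + 'nlarlist_content.inc.php?use_template_family=%252e%252e%252fx HTTP/1.1" 200 512',
    PREFIX + INCLUDES + 'contact.inc.php?template_path=templates/mytribiqsite HTTP/1.1" 200 512',
    PREFIX + 'index.php?page=../x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(flag_request(entry))
```

Only the query string is inspected. With register_globals enabled the same variables can also be set from POST bodies or cookies, which a standard access log does not record, so a clean result here does not cover those channels.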