CVE-2009-2557

Admin News Tools 2.5 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2557. PoCs published by Securitylab.ir.

AI-analyzed exploit summary: This is a writeup describing a directory traversal vulnerability in Admin News Tools 2.5, allowing remote file download via the 'fichier' parameter in download.php. The vulnerability is due to improper sanitization of user input.

Description

Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Securitylab.ir · text · webapps · php
https://www.exploit-db.com/exploits/9153

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Admin News Tools 2.5
No auth needed
Prerequisites: Access to the download.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504949/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9153
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35842
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55856

Scores

EPSS 0.0171
EPSS Percentile 82.6%

Details

CWE: CWE-22
Status: published
Products (1): adminnewstools/admin_news_tools 2.5
Published: Jul 21, 2009
Tracked Since: Feb 18, 2026