CVE-2009-3171

Anantasoft Gazelle CMS < 1.0 - Cross-Site Scripting via User or Lookup Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3171. PoCs published by IHTeam.

AI-analyzed exploit summary This script exploits multiple vulnerabilities in Gazelle CMS 1.0, including RCE via file upload, LFI, and XSS. It uploads a malicious PHP file via a template customization feature and provides a shell interface for command execution.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by IHTeam · bashwebappsphp

https://www.exploit-db.com/exploits/9425

View Code ZIP pw:eip

This script exploits multiple vulnerabilities in Gazelle CMS 1.0, including RCE via file upload, LFI, and XSS. It uploads a malicious PHP file via a template customization feature and provides a shell interface for command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Gazelle CMS 1.0

No auth needed

Prerequisites: magic_quotes_gpc Off · access to admin/settemplate.php

MITRE ATT&CK