CVE-2009-3515
d.net CMS - Authenticated Path Traversal via Type Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-3515. PoCs published by SirGod.
AI-analyzed exploit summary This exploit demonstrates SQL injection and local file inclusion vulnerabilities in d.net CMS. The SQLi allows unauthorized retrieval of admin credentials, while the LFI enables reading arbitrary files with admin access.
Description
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
Exploits (1)
This exploit demonstrates SQL injection and local file inclusion vulnerabilities in d.net CMS. The SQLi allows unauthorized retrieval of admin credentials, while the LFI enables reading arbitrary files with admin access.