CVE-2009-3802

amiro.cms <= 5.4.0.0 - Information Disclosure via Invalid Login Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3802. PoCs published by Vladimir Vorontsov.

AI-analyzed exploit summary This is a vulnerability writeup describing an information disclosure flaw in Amiro.CMS <= 5.4.0.0. The issue arises from improper handling of the username field in the admin login, where entering '%%%' reveals the full installation path and internal variables.

Description

Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vladimir Vorontsov · textwebappsphp

https://www.exploit-db.com/exploits/9867

View Code ZIP pw:eip

This is a vulnerability writeup describing an information disclosure flaw in Amiro.CMS <= 5.4.0.0. The issue arises from improper handling of the username field in the admin login, where entering '%%%' reveals the full installation path and internal variables.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Amiro.CMS <= 5.4.0.0

No auth needed

Prerequisites: Access to the administrative login page

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0910-exploits/ONSEC-09-005.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/53894

Exploit x_refsource_misc

http://www.onsec.ru/vuln?id=12

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37065

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2967

Scores

EPSS 0.0259

EPSS Percentile 83.3%

Details

CWE

CWE-20

Status published

Products (12)

amirocms/amiro.cms 4.0.8.0

amirocms/amiro.cms 4.2.0.5

amirocms/amiro.cms 4.2.1.0

amirocms/amiro.cms 4.2.2.0

amirocms/amiro.cms 4.2.3.0

amirocms/amiro.cms 4.2.4

amirocms/amiro.cms 4.2.5

amirocms/amiro.cms 5.0.7

amirocms/amiro.cms 5.2

amirocms/amiro.cms 5.2.2

... and 2 more

Published Oct 27, 2009

Tracked Since Feb 18, 2026