CVE-2009-4466

DeluxeBB 1.3 - Exposure of Sensitive Information via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4466. PoCs published by cp77fk4r.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in DeluxeBB, including XSS, full path disclosure, and authentication bypass. It provides specific URLs and parameters to exploit these issues but does not include functional exploit code.

Description

DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).

Exploits (1)

exploitdb WRITEUP VERIFIED
by cp77fk4r · textwebappsphp
https://www.exploit-db.com/exploits/10598

This is a technical writeup detailing multiple vulnerabilities in DeluxeBB, including XSS, full path disclosure, and authentication bypass. It provides specific URLs and parameters to exploit these issues but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DeluxeBB
No auth needed
Prerequisites: Access to the target server's web interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37448
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10598
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54980

Scores

EPSS 0.0243
EPSS Percentile 82.1%

Details

CWE
CWE-200
Status published
Products (1)
deluxebb/deluxebb 1.3
Published Dec 30, 2009
Tracked Since Feb 18, 2026