CVE-2009-4535

Mongoose <2.8.0 - Info Disclosure

Title source: llm

Description

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Dr_IDE · text · remote · windows
https://www.exploit-db.com/exploits/12309
exploitdb WORKING POC VERIFIED
by Dr_IDE · text · webapps · php
https://www.exploit-db.com/exploits/9897

References (3)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36934
Exploit, URL Repurposed x_refsource_misc
http://freetexthost.com/0lcsrgt3vw

Scores

EPSS 0.0285
EPSS Percentile 86.3%

Details

CWE
CWE-200
Status published
Products (1)
valenok/mongoose < 2.8.0
Published Dec 31, 2009
Tracked Since Feb 18, 2026