CVE-2009-4723

Netpet CMS 1.9 - Path Traversal via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4723. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Netpet CMS 1.9 via the 'language' parameter in confirm.php. The vulnerable code includes user-supplied input without proper sanitization, allowing directory traversal attacks.

Description

Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/9333

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Netpet CMS 1.9 via the 'language' parameter in confirm.php. The vulnerable code includes user-supplied input without proper sanitization, allowing directory traversal attacks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netpet CMS 1.9

No auth needed

Prerequisites: Access to the vulnerable Netpet CMS instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9333

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2125

Scores

EPSS 0.0235

EPSS Percentile 81.4%

Details

CWE

CWE-22

Status published

Products (1)

netpet/netpet_cms 1.9

Published Mar 18, 2010

Tracked Since Feb 18, 2026