CVE-2009-5112

iwork WebGlimpse <= 2.18.7 - Exposure of Sensitive Information via wgarcmin.cgi

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-5112. PoCs published by Websecurity.

AI-analyzed exploit summary The provided text describes a path-disclosure vulnerability in WebGlimpse 2.18.7, where an attacker can access sensitive data via a crafted URL. No actual exploit code is included, only a reference to the vulnerability and an example request.

Description

wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Websecurity · textwebappscgi
https://www.exploit-db.com/exploits/36976

The provided text describes a path-disclosure vulnerability in WebGlimpse 2.18.7, where an attacker can access sensitive data via a crafted URL. No actual exploit code is included, only a reference to the vulnerability and an example request.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: WebGlimpse 2.18.7
No auth needed
Prerequisites: Network access to the vulnerable WebGlimpse instance
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit x_refsource_misc
http://websecurity.com.ua/2628/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74320

Scores

EPSS 0.0541
EPSS Percentile 91.7%

Details

CWE
CWE-200
Status published
Products (48)
iwork/webglimpse 1.7.6
iwork/webglimpse 1.7.9
iwork/webglimpse 2.0.03
iwork/webglimpse 2.0.04
iwork/webglimpse 2.0.07
iwork/webglimpse 2.0.10
iwork/webglimpse 2.1.01
iwork/webglimpse 2.1.04
iwork/webglimpse 2.2.0
iwork/webglimpse 2.2.2
... and 38 more
Published Mar 19, 2012
Tracked Since Feb 18, 2026