CVE-2009-5114

NUCLEI

iwork WebGlimpse < 2.18.7 - Path Traversal via DOC Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-5114. PoCs published by MustLive. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in WebGlimpse 2.18.7, allowing attackers to retrieve arbitrary files via crafted requests with '../' sequences. The example URL demonstrates accessing '/etc/passwd' through the 'wgarcmin.cgi' script.

Description

Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MustLive · textwebappscgi
https://www.exploit-db.com/exploits/36994

The exploit describes a directory traversal vulnerability in WebGlimpse 2.18.7, allowing attackers to retrieve arbitrary files via crafted requests with '../' sequences. The example URL demonstrates accessing '/etc/passwd' through the 'wgarcmin.cgi' script.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WebGlimpse 2.18.7
No auth needed
Prerequisites: Network access to the vulnerable WebGlimpse instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WebGlimpse 2.18.7 - Directory Traversal
MEDIUMby daffainfo

References (2)

Core 2
Core References
Exploit x_refsource_misc
http://websecurity.com.ua/2628/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74321

Scores

EPSS 0.0553
EPSS Percentile 90.5%

Details

CWE
CWE-22
Status published
Products (48)
iwork/webglimpse 1.7.6
iwork/webglimpse 1.7.9
iwork/webglimpse 2.0.03
iwork/webglimpse 2.0.04
iwork/webglimpse 2.0.07
iwork/webglimpse 2.0.10
iwork/webglimpse 2.1.01
iwork/webglimpse 2.1.04
iwork/webglimpse 2.2.0
iwork/webglimpse 2.2.2
... and 38 more
Published Mar 19, 2012
Tracked Since Feb 18, 2026