Description
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
Exploits (1)
exploitdb · WORKING POC · VERIFIED · by cr4wl3r · text · webapps · php
https://www.exploit-db.com/exploits/11831
References (5)
Core References
Vendor Advisory · vdb-entry · x_refsource_vupen: http://www.vupen.com/english/advisories/2010/0674
Exploit · exploit · x_refsource_exploit-db: http://www.exploit-db.com/exploits/11831
Exploit · vdb-entry · x_refsource_bid: http://www.securityfocus.com/bid/38993
Exploit · x_refsource_misc: http://inj3ct0r.com/exploits/11394
Exploit · x_refsource_misc: http://packetstormsecurity.org/1003-exploits/webmaid-rfilfi.txt
Scores
EPSS: 0.0629
EPSS Percentile: 91.0%
Details
CWE: CWE-22
Status: published
Products (1): kjetiltroan/webmaid_cms < 0.2-6
Published: Apr 06, 2010
Tracked Since: Feb 18, 2026