Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-3480. PoCs published by Abysssec.
AI-analyzed exploit summary
The exploit demonstrates an authentication bypass via SQL injection in the login mechanism and a local file inclusion vulnerability in PHP MicroCMS 1.0.1. The SQL injection allows bypassing authentication by injecting malicious input into the username and password fields, while the LFI allows reading arbitrary files by manipulating the 'page' parameter.
Description
Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.