CVE-2010-4399
DynPG CMS 4.1.1 and 4.2.0 - Path Traversal via CHG_DYNPG_SET_LANGUAGE Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4399. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary
The exploit demonstrates a Local File Inclusion (LFI) vulnerability in DynPG 4.2.0 via the CHG_DYNPG_SET_LANGUAGE parameter, along with path disclosure and SQL injection vulnerabilities. The PoC provides forms to exploit these issues, requiring authentication for some attacks.
Description
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.