CVE-2010-4867

W-Agora < 4.2.1 - Path Traversal via Search Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4867. PoCs published by MustLive.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 and prior. It includes example URLs demonstrating directory traversal but lacks executable exploit code.

Description

Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/34905

The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 and prior. It includes example URLs demonstrating directory traversal but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Xss
Complexity
Trivial
Reliability
Theoretical
Target: w-Agora 4.2.1 and prior
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8426
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514420/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44370

Scores

EPSS 0.0250
EPSS Percentile 82.6%

Details

CWE
CWE-22
Status published
Products (16)
w-agora/w-agora 4.0.0
w-agora/w-agora 4.0.1
w-agora/w-agora 4.0.2
w-agora/w-agora 4.0.2a
w-agora/w-agora 4.0.3
w-agora/w-agora 4.1.0
w-agora/w-agora 4.1.1
w-agora/w-agora 4.1.2
w-agora/w-agora 4.1.3
w-agora/w-agora 4.1.4
... and 6 more
Published Oct 05, 2011
Tracked Since Feb 18, 2026