CVE-2011-0903
AR Web Content Manager 2.2 - Path Traversal via awcm_theme or awcm_lang Cookie
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0903. PoCs published by Cucura.
AI-analyzed exploit summary
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in AWCM v2.2 by manipulating the 'awcm_theme' and 'awcm_lang' cookie parameters to read arbitrary files (e.g., /etc/passwd). The vulnerability arises from insecure handling of user-supplied input in 'header.php'.
Description
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
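A hardened way to turn the awcm_theme or awcm_lang cookie into a path, added here as an example and not taken from AWCM's source. It assumes the cookie names an entry directly under a fixed base directory; the function name, the themes/ layout and the demo values are hypothetical.

```php
<?php
// Added example, not AWCM code. Directory layout and function name are assumptions.

/**
 * Resolve a cookie-supplied name to an entry directly under $baseDir.
 * Returns the canonical path, or the path of $default when the value is rejected.
 */
function resolve_cookie_choice(string $baseDir, ?string $value, string $default): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("base directory missing: $baseDir");
    }
    $fallback = $base . DIRECTORY_SEPARATOR . $default;

    // 1. Syntactic check: a short plain name only, so "..", "/" and "\"
    //    never reach a filesystem call.
    if ($value === null || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value)) {
        return $fallback;
    }

    // 2. Canonicalise and confirm the result is still a direct child of the
    //    base directory (this also rejects symlinks that point outside it).
    $real = realpath($base . DIRECTORY_SEPARATOR . $value);
    if ($real === false || dirname($real) !== $base) {
        return $fallback;
    }
    return $real;
}

// Constructed demo: a throwaway layout fed with benign and dot-dot values.
$root = sys_get_temp_dir() . '/awcm_demo_' . bin2hex(random_bytes(4));
mkdir("$root/themes/default", 0700, true);
mkdir("$root/themes/blue", 0700, true);

foreach (['blue', '../../etc/passwd', '..', 'blue/../default', 'missing', null] as $cookie) {
    $path = resolve_cookie_choice("$root/themes", $cookie, 'default');
    // Only 'blue' resolves to itself; every other value falls back to 'default'.
    printf("%-22s -> %s\n", var_export($cookie, true), basename($path));
}
```

The same function would be applied to both cookies before either value is used in an include or file read, in index.php as well as header.php.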