CVE-2012-1024

Enigma2 Webinterface <1.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1024. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script exploits a file disclosure vulnerability in Enigma2 Webinterface versions 1.5.x, 1.6.x, and 1.7.x by sending crafted HTTP requests to retrieve arbitrary files from the target system. It checks the version and uses different payloads depending on the detected version.

Description

Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WORKING POC

by Todor Donev · perlwebappslinux

https://www.exploit-db.com/exploits/18343

View Code ZIP pw:eip

This Perl script exploits a file disclosure vulnerability in Enigma2 Webinterface versions 1.5.x, 1.6.x, and 1.7.x by sending crafted HTTP requests to retrieve arbitrary files from the target system. It checks the version and uses different payloads depending on the detected version.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Enigma2 Webinterface 1.5.x, 1.6.x, 1.7.x

No auth needed

Prerequisites: Target must be running a vulnerable version of Enigma2 Webinterface · Target must be accessible via HTTP

MITRE ATT&CK

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18343

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73109

Scores

EPSS 0.0366

EPSS Percentile 88.2%

Details

CWE

CWE-22

Status published

Products (1)

dream-multimedia-tv/enigma2_webinterface 1.5 beta4 (2 CPE variants)

Published Feb 08, 2012

Tracked Since Feb 18, 2026