CVE-2012-1025

Enigma2 Webinterface <1.7.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1025. PoCs published by Todor Donev.

AI-analyzed exploit summary This Perl script exploits a file disclosure vulnerability in Enigma2 Webinterface versions 1.5.x, 1.6.x, and 1.7.x by sending crafted HTTP requests to retrieve arbitrary files from the target system. It checks the version and uses different payloads depending on the detected version.

Description

Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Exploits (1)

exploitdb WORKING POC

by Todor Donev · perlwebappslinux

https://www.exploit-db.com/exploits/18343

View Code ZIP pw:eip

This Perl script exploits a file disclosure vulnerability in Enigma2 Webinterface versions 1.5.x, 1.6.x, and 1.7.x by sending crafted HTTP requests to retrieve arbitrary files from the target system. It checks the version and uses different payloads depending on the detected version.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Enigma2 Webinterface 1.5.x, 1.6.x, 1.7.x

No auth needed

Prerequisites: Target must be running a vulnerable version of Enigma2 Webinterface · Target must be accessible via HTTP

MITRE ATT&CK

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18343

Scores

EPSS 0.0295

EPSS Percentile 86.8%

Details

CWE

CWE-22

Status published

Products (11)

dream-multimedia-tv/enigma2_webinterface 1.6 rc3

dream-multimedia-tv/enigma2_webinterface 1.6.0

dream-multimedia-tv/enigma2_webinterface 1.6.1

dream-multimedia-tv/enigma2_webinterface 1.6.2

dream-multimedia-tv/enigma2_webinterface 1.6.3

dream-multimedia-tv/enigma2_webinterface 1.6.4

dream-multimedia-tv/enigma2_webinterface 1.6.5

dream-multimedia-tv/enigma2_webinterface 1.6.6

dream-multimedia-tv/enigma2_webinterface 1.6.7

dream-multimedia-tv/enigma2_webinterface 1.6.8

... and 1 more

Published Feb 08, 2012

Tracked Since Feb 18, 2026