CVE-2012-2919

Chevereto 1.9.1 - Path Traversal via Upload Engine v Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2919. PoCs published by AkaStep.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) and information disclosure vulnerability in Chevereto Image Upload Script 1.91. The vulnerability arises from improper input sanitization, allowing attackers to execute arbitrary script code or enumerate local files.

Description

Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by AkaStep · textwebappsphp
https://www.exploit-db.com/exploits/37148

The provided text describes a cross-site scripting (XSS) and information disclosure vulnerability in Chevereto Image Upload Script 1.91. The vulnerability arises from improper input sanitization, allowing attackers to execute arbitrary script code or enumerate local files.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Chevereto Image Upload Script 1.91
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53448
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75477

Scores

EPSS 0.0334
EPSS Percentile 87.1%

Details

CWE
CWE-22
Status published
Products (1)
chevereto/chevereto 1.91
Published May 21, 2012
Tracked Since Feb 18, 2026