CVE-2012-3838
baby_gekko < 1.2.0 - Unauthenticated Installation Path Exposure via Direct Request
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-3838. PoCs published by LiquidWorm.
AI-analyzed exploit summary: This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.
Description
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/18827
Classification
Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Baby Gekko CMS v1.1.5c
Auth required
Prerequisites: Access to authenticated sessions · Ability to submit crafted HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Exploit x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18827
Scores
EPSS: 0.0282
EPSS Percentile: 84.7%
Details
CWE: CWE-200
Status: published
Products (12)
babygekko/baby_gekko 0.90
babygekko/baby_gekko 0.91
babygekko/baby_gekko 0.98 alpha
babygekko/baby_gekko 0.99 beta
babygekko/baby_gekko 1.0.0
babygekko/baby_gekko 1.0.1
babygekko/baby_gekko 1.1.0
babygekko/baby_gekko 1.1.1
babygekko/baby_gekko 1.1.2
babygekko/baby_gekko 1.1.3
... and 2 more
Published: Jul 03, 2012
Tracked Since: Feb 18, 2026