CVE-2012-4997

AneCMS - Path Traversal and Arbitrary File Execution via ACP p Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4997. PoCs published by I2sec-Jong Hwan Park.

AI-analyzed exploit summary: This exploit demonstrates a Local File Inclusion (LFI) vulnerability in AneCMS v.2e2c583. The vulnerability arises from improper input validation in the 'p' parameter, allowing an attacker to include arbitrary local files via directory traversal sequences.

Description

Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.

Exploits (1)

exploitdb WORKING POC
by I2sec-Jong Hwan Park · text · webapps · php
https://www.exploit-db.com/exploits/18559

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: AneCMS v.2e2c583
Authentication: No auth needed
Prerequisites: Access to the target web application
Analysis: mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/52272
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/18559
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/73682

Scores

EPSS: 0.0282
EPSS Percentile: 84.8%

Details

CWE: CWE-22
Status: published
Products (2): anecms/anecms; anecms/anecms 2e2c583
Published: Sep 19, 2012
Tracked Since: Feb 18, 2026