CVE-2012-5192
bitweaver < 2.8.1 - Path Traversal via overlay_type Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-5192.
PoCs published by David Aaron, Jonathan Claudius, sinn3r, including Metasploit module auxiliary/scanner/http/bitweaver_overlay_type_traversal.
AI-analyzed exploit summary The document details multiple vulnerabilities in Bitweaver, including a Local File Inclusion (LFI) vulnerability in the 'overlay_type' parameter and several Cross-Site Scripting (XSS) vulnerabilities in various endpoints. It provides technical details, proof-of-concept requests, and remediation steps.
Description
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
Exploits (2)
The document details multiple vulnerabilities in Bitweaver, including a Local File Inclusion (LFI) vulnerability in the 'overlay_type' parameter and several Cross-Site Scripting (XSS) vulnerabilities in various endpoints. It provides technical details, proof-of-concept requests, and remediation steps.
This Metasploit module exploits a directory traversal vulnerability in Bitweaver via the 'overlay_type' parameter in view_overlay.php, allowing arbitrary file reads. It sends a crafted GET request with traversal sequences to read files outside the web root.