CVE-2012-6500

Pragyan CMS < 3.0 - Path Traversal via Fileget Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6500. PoCs published by Or4nG.M4N.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Pragyan CMS v3.0, allowing remote file disclosure via the 'fileget' parameter. The vulnerability is due to improper sanitization of user input in 'download.lib.php' and 'index.php'.

Description

Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.

Exploits (1)

exploitdb WORKING POC
by Or4nG.M4N · text · webapps · php
https://www.exploit-db.com/exploits/18347

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Pragyan CMS v3.0
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51360
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18347
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/82585

Scores

EPSS 0.0339
EPSS Percentile 87.3%

Details

CWE: CWE-22
Status: published
Products (10)
pragyan_cms_project/pragyan_cms 2.5.4
pragyan_cms_project/pragyan_cms 2.5.9
pragyan_cms_project/pragyan_cms 2.5.12
pragyan_cms_project/pragyan_cms 2.5.13
pragyan_cms_project/pragyan_cms 2.5.14
pragyan_cms_project/pragyan_cms 2.6.1
pragyan_cms_project/pragyan_cms 2.6.2
pragyan_cms_project/pragyan_cms 2.6.3
pragyan_cms_project/pragyan_cms 2.6.4
pragyan_cms_project/pragyan_cms < 3.0
Published Jan 12, 2013
Tracked Since Feb 18, 2026