CVE-2012-6522

w-cms 2.01 - Path Traversal via p Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6522. PoCs published by Black-ID, th3.g4m3_0v3r.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in w-CMS 2.0.1, including Local File Disclosure (LFD), Local File Edit/Write, Cross-Site Scripting (XSS), HTML Code Injection, Cross-Site Request Forgery (CSRF), and Arbitrary File Upload. The PoC provides clear examples and steps to exploit these vulnerabilities.

Description

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Black-ID · textwebappsphp
https://www.exploit-db.com/exploits/18711

This exploit demonstrates multiple vulnerabilities in w-CMS 2.0.1, including Local File Disclosure (LFD), Local File Edit/Write, Cross-Site Scripting (XSS), HTML Code Injection, Cross-Site Request Forgery (CSRF), and Arbitrary File Upload. The PoC provides clear examples and steps to exploit these vulnerabilities.

Classification
Working Poc 90%
Attack Type
Info Leak | Xss | Csrf | File Upload
Complexity
Trivial
Reliability
Reliable
Target: w-CMS 2.0.1
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
by th3.g4m3_0v3r · textwebappsphp
https://www.exploit-db.com/exploits/18348

The provided text describes multiple vulnerabilities in W-CMS version 2.01, including XSS and directory traversal attacks. It includes example URLs demonstrating these vulnerabilities but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: W-CMS 2.01
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47527
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18348
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/80974
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72302
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51359
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18711

Scores

EPSS 0.0404
EPSS Percentile 89.3%

Details

CWE
CWE-22
Status published
Products (1)
w-cms/w-cms 2.01
Published Jan 31, 2013
Tracked Since Feb 18, 2026