CVE-2014-2069

HIGH

Eshtery CMS - Path Traversal via File Parameter in FileManager.aspx

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2069. PoCs published by peng.deng.

AI-analyzed exploit summary: The provided text describes a local file disclosure vulnerability in eshtery CMS due to inadequate input validation. The example URL demonstrates how an attacker can read arbitrary local files by manipulating the 'file' parameter in FileManager.aspx.

Description

Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED
by peng.deng · text · webapps · asp
https://www.exploit-db.com/exploits/39106

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: eshtery CMS (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable FileManager.aspx endpoint
mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91463
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Feb/219
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65740

Scores

CVSS v3 7.5
EPSS 0.1603
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1)
eshtery.she7ata/eshtery_cms
Published Apr 16, 2018
Tracked Since Feb 18, 2026