CVE-2014-5258

webEdition CMS < 6.3.8.0 - Authenticated Path Traversal via showTempFile.php file Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5258. PoCs published by High-Tech Bridge SA. A Nuclei detection template is also available.

AI-analyzed exploit summary: The advisory describes a path traversal vulnerability (CVE-2014-5258) in webEdition CMS, allowing authenticated users to read arbitrary files via the 'file' parameter in '/webEdition/showTempFile.php'. The exploitation example demonstrates reading '/etc/passwd'.

Description

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/34761

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: webEdition CMS 6.3.8.0 (SVN-Revision: 6985) and prior
Auth required
Prerequisites: Valid user credentials
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

webEdition 6.3.8.0 - Directory Traversal
MEDIUM · by daffainfo
Shodan: cpe:"cpe:2.3:a:webedition:webedition_cms"

Scores

EPSS 0.8120
EPSS Percentile 99.2%

Details

CWE: CWE-22
Status: published
Products (1): webedition/webedition_cms < 6.3.8.0
Published: Nov 06, 2014
Tracked Since: Feb 18, 2026