CVE-2014-9261

Codoforum 2.5.1 - Path Traversal via Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9261. PoCs published by Kacper Szurek.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file download vulnerability in Codoforum 2.5.1 due to improper sanitization of the file path parameter. The `sanitize` function fails to return the sanitized value, allowing directory traversal attacks.

Description

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.

Exploits (1)

exploitdb · WORKING POC
by Kacper Szurek · text · webapps · php
https://www.exploit-db.com/exploits/36320


Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Codoforum 2.5.1
No auth needed
Prerequisites: Access to the target Codoforum instance
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/119412
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36320
Vendor Advisory x_refsource_confirm
https://codoforum.com/documentation/roadmap

Scores

EPSS: 0.0910
EPSS Percentile: 94.6%

Details

CWE: CWE-22
Status: published
Products (1): codologic/codoforum 2.5.1
Published: Mar 23, 2015
Tracked Since: Feb 18, 2026