Directory Traversal Vulnerability in e-Vision CMS by e-Vision
CVE-2008-6551

Currently unrated

Key Information:

Vendor

E-vision

CVE Published:
30 March 2009

Badges

👾 Exploit Exists 🟡 Public PoC

What is CVE-2008-6551?

Multiple directory traversal vulnerabilities exist in e-Vision CMS versions 2.0.2 and earlier, primarily when the magic_quotes_gpc feature is disabled. These vulnerabilities enable remote attackers to exploit specific parameters, potentially allowing them to include and execute arbitrary local files. Attackers can manipulate the 'adminlang' cookie or various module parameters in critical admin paths, leading to unauthorized access and execution of sensitive local files. It is crucial for users of affected versions to apply updates and implement security measures to mitigate risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

References

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
