Directory Traversal Vulnerability in Greenwood PHP Content Manager
CVE-2009-3824

Currently unrated

Key Information:

Vendor: Michael J Greenwood
Status: PHP Content Manager
Vendor: CVE Published:; 28 October 2009

🔔 Create Michael J Greenwood Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-3824?

The Greenwood PHP Content Manager version 0.3.2 is susceptible to a directory traversal vulnerability found in the include/processor.php file. This flaw allows an attacker to manipulate the content_path parameter, potentially enabling them to include and execute arbitrary files located on the server. An exploit could lead to unauthorized access, data leakage, or further compromise of the server if sensitive files are included and executed.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-3824 - Proof of Concept

References

http://www.exploit-db.com/exploits/9156

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/51737

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 28, 2009
👾
Exploit known to exist
Oct 28, 2009
Vulnerability published
Oct 28, 2009
Vulnerability Reserved
Oct 28, 2009

CVE-2009-3824 Data

JSON