Realist

Simply desperated. I found CVE: 2008-2650 but I cannot exploit it.

I tried null byte and I get Language file ./cmsimple/languages/../../../../******%00 is missing

Finally if I delete null byte and I get blank page, obviously the full path is ok but no the waited response.

Any suggestion about that?

There are several ways to exploit one vulnerability, maybe you try too stick too much on what you found instead of trying "new" things.

First of all I really appreciate your help rhododendron , any suggestion about where I should search it????

I tried CVE: 2008-2650 using null byte and uploading a file, no success. After that I reviewed all major vulnerabilitites (3.1, 4.x) .

Where should I search for this? just a resource suggestion in order to get more comprenhension about the vulnerability.