CVE-2011-0518

LotusCMS Fraise 3.0 - Path Traversal and Arbitrary Local File Inclusion via System Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0518. PoCs published by mr_me, including Metasploit module exploits/multi/http/lcms_php_exec. A Nuclei detection template is also available.

Description

Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mr_me · python · webapps · php
https://www.exploit-db.com/exploits/15964

This exploit targets a Local File Inclusion (LFI) vulnerability in Lotus CMS Fraise v3.0, allowing remote code execution via log poisoning or blog comment injection. It includes proxy support, dynamic user-agent generation, and an interactive shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Lotus CMS Fraise v3.0
No auth needed
Prerequisites: PHP with magic_quotes_gpc disabled · Apache access logs writable · Blog comment functionality enabled
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/lcms_php_exec.rb

This Metasploit module exploits a remote command execution vulnerability in LotusCMS 3.0 by injecting PHP code into the 'page' parameter, which is passed to an eval() call. It supports both automatic and manual detection of the vulnerable parameter.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: LotusCMS 3.0
No auth needed
Prerequisites: Access to a vulnerable LotusCMS 3.0 instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

LotusCMS 3.0 - Remote Code Execution
CRITICAL · VERIFIED · by pikpikcu

References (5)

Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/15964
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/70409
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2011/0073
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42835
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/64736

Scores

EPSS 0.6938
EPSS Percentile 98.7%

Details

CWE: CWE-22
Status: published
Products (1): lotuscms/fraise 3.0
Published Jan 20, 2011
Tracked Since Feb 18, 2026