CVE-2011-10009
HIGH
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2011-10009.
PoCs published by Osirys, including Metasploit module auxiliary/scanner/http/s40_traversal.
AI-analyzed exploit summary: This is a security advisory detailing a Local File Inclusion (LFI) vulnerability in S40 CMS 0.4.2 Beta. The vulnerability arises due to insufficient input sanitization in the 'page()' function, allowing attackers to include arbitrary local files via a crafted GET request with a null byte.
Description
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
Exploits (2)
This is a security advisory detailing a Local File Inclusion (LFI) vulnerability in S40 CMS 0.4.2 Beta. The vulnerability arises due to insufficient input sanitization in the 'page()' function, allowing attackers to include arbitrary local files via a crafted GET request with a null byte.
This Metasploit module exploits a directory traversal vulnerability in S40 CMS 0.4.2 by manipulating the $pid parameter in the 'page' function to retrieve arbitrary files. It sends a crafted HTTP GET request with traversal sequences to access files like /etc/passwd.
References (5)
Scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N