CVE-2011-10009
Severity: HIGH
S40 CMS v0.4.2 - Path Traversal
Description
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
Exploits (2)
metasploit
WORKING POC
ruby
poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/s40_traversal.rb
References (5)
Scores
CVSS v4: 8.7
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.4842
EPSS Percentile: 97.8%
Details
CWE: CWE-22
Status: published
Products (1): S40 CMS/S40 CMS 0.4.2
Published: Aug 13, 2025
Tracked Since: Feb 18, 2026