CVE-2011-3502

Cogent DataHub <7.1.1.63 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3502. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit describes a source disclosure vulnerability in Cogent DataHub's web server, allowing remote attackers to view server-side script contents by appending specific characters to URLs. No actual exploit code is provided, only URLs demonstrating the issue.

Description

The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).

Exploits (1)

exploitdb WRITEUP

by Luigi Auriemma · textwebappswindows

https://www.exploit-db.com/exploits/17840

View Code ZIP pw:eip

The exploit describes a source disclosure vulnerability in Cogent DataHub's web server, allowing remote attackers to view server-side script contents by appending specific characters to URLs. No actual exploit code is provided, only URLs demonstrating the issue.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cogent DataHub <= 7.1.1.63

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/cogent_4-adv.txt

Scores

EPSS 0.0589

EPSS Percentile 92.3%

Details

CWE

CWE-200

Status published

Products (5)

cogentdatahub/cogent_datahub 7.0

cogentdatahub/cogent_datahub 7.0.2

cogentdatahub/cogent_datahub 7.1.0

cogentdatahub/cogent_datahub 7.1.1

cogentdatahub/cogent_datahub 7.1.1.63

Published Sep 16, 2011

Tracked Since Feb 18, 2026