CVE-2011-4640

NUCLEI

Spamtitan Webtitan < 3.50 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Richard Conner · textwebappsphp

https://www.exploit-db.com/exploits/37943

View Code ZIP pw:eip

Nuclei Templates (1)

WebTitan < 3.60 - Local File Inclusion

MEDIUMby ctflearner

Shodan: title:"WebTitan" || http.favicon.hash:1090061843

FOFA: icon_hash=1090061843 || title="webtitan"

References (1)

[Exploit] http://www.sec-1.com/blog/?p=211

Scores

EPSS 0.1363

EPSS Percentile 94.3%

Details

CWE

CWE-22

Status published

Products (1)

spamtitan/webtitan < 3.50

Published Oct 08, 2012

Tracked Since Feb 18, 2026