CVE-2011-4640

NUCLEI

SpamTitan WebTitan < 3.50 - Authenticated Path Traversal via logs-x.php fname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4640. PoCs published by Richard Conner. A Nuclei detection template is also available.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in WebTitan versions prior to 3.60. It includes a URL example demonstrating how an attacker could access sensitive files like /etc/passwd by manipulating the 'fname' parameter with '../' sequences.

Description

Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Richard Conner · textwebappsphp

https://www.exploit-db.com/exploits/37943

View Code ZIP pw:eip

The provided text describes a directory traversal vulnerability in WebTitan versions prior to 3.60. It includes a URL example demonstrating how an attacker could access sensitive files like /etc/passwd by manipulating the 'fname' parameter with '../' sequences.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WebTitan < 3.60

No auth needed

Prerequisites: Network access to the vulnerable WebTitan instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WebTitan < 3.60 - Local File Inclusion

MEDIUMby ctflearner

Shodan: title:"WebTitan" || http.favicon.hash:1090061843

FOFA: icon_hash=1090061843 || title="webtitan"

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://www.sec-1.com/blog/?p=211

Scores

EPSS 0.0511

EPSS Percentile 90.1%

Details

CWE

CWE-22

Status published

Products (1)

spamtitan/webtitan < 3.50

Published Oct 08, 2012

Tracked Since Feb 18, 2026