CVE-2011-4810
WHMCompleteSolution 3.x-4.x - Unauthenticated Path Traversal via Template File Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-4810. PoCs published by ZxH-Labs.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in WHMCS versions 3.x and 4.x, allowing attackers to read arbitrary files on the server via path traversal in the 'templatefile' parameter in submitticket.php and downloads.php, and the 'report' parameter in reports.php.
Description
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
Exploits (1)
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in WHMCS versions 3.x and 4.x, allowing attackers to read arbitrary files on the server via path traversal in the 'templatefile' parameter in submitticket.php and downloads.php, and the 'report' parameter in reports.php.