CVE-2011-4831

Web File Browser 0.4b14 - Authenticated Path Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4831. PoCs published by Sangyun YOO.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Web File Browser 0.4b14, allowing unauthorized file download via manipulated HTTP requests. The PoC uses a crafted GET request with dot-dot-slash sequences to access files outside the intended directory.

Description

Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sangyun YOO · textwebappsphp

https://www.exploit-db.com/exploits/18070

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Web File Browser 0.4b14, allowing unauthorized file download via manipulated HTTP requests. The PoC uses a crafted GET request with dot-dot-slash sequences to access files outside the intended directory.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Web File Browser 0.4b14

Auth required

Prerequisites: Access to the target application · Valid session cookies (authentication required)

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18070

Scores

EPSS 0.0274

EPSS Percentile 84.3%

Details

CWE

CWE-22

Status published

Products (1)

david_azoulay/web_file_browser 0.4b14

Published Dec 15, 2011

Tracked Since Feb 18, 2026