CVE-2011-4832

CaupoShop Pro < 3.70 and Classic 3.01 - Path Traversal via Template Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4832. PoCs published by Rami Salama.

AI-analyzed exploit summary: This is a writeup describing a Local File Include (LFI) vulnerability in CaupoShop Pro and Classic versions. It provides exploit URLs and dorks for identification but does not include functional exploit code.

Description

Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.

Exploits (1)

exploitdb WRITEUP
by Rami Salama · text · webapps · php
https://www.exploit-db.com/exploits/18066


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CaupoShop Pro (2.x/ <= 3.70), CaupoShop Classic 3.01
No auth needed
Prerequisites: access to the vulnerable web application
mistral-large-3 · analyzed Feb 16, 2026

References (5)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46704
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71136
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50530
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18066
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/76871

Scores

EPSS 0.0276
EPSS Percentile 84.5%

Details

CWE
CWE-22
Status published
Products (4)
caupo/cauposhop_classic 3.01
caupo/cauposhop_pro 2.0
caupo/cauposhop_pro 2.1
caupo/cauposhop_pro < 3.70
Published Dec 15, 2011
Tracked Since Feb 18, 2026