CVE-2012-0996

NUCLEI

11in1 1.2.1 - Path Traversal via Class Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0996. PoCs published by High-Tech Bridge SA. A Nuclei detection template is also available.

AI-analyzed exploit summary The provided text describes a cross-site request-forgery (CSRF) and local file inclusion (LFI) vulnerability in 11in1 1.2.1. It includes a sample exploit URL demonstrating the LFI vulnerability but lacks executable code.

Description

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/36784

View Code ZIP pw:eip

The provided text describes a cross-site request-forgery (CSRF) and local file inclusion (LFI) vulnerability in 11in1 1.2.1. It includes a sample exploit URL demonstrating the LFI vulnerability but lacks executable code.

Classification

Writeup 80%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: 11in1 1.2.1

No auth needed

Prerequisites: Access to the target application · Ability to craft malicious URLs

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/36785

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in 11in1 1.2.1, allowing arbitrary file access via path traversal. It also mentions a cross-site request forgery (CSRF) issue but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: 11in1 1.2.1

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

MEDIUMby daffainfo

References (1)

Core 1

Core References

Exploit x_refsource_misc

https://www.htbridge.ch/advisory/HTB23071

Scores

EPSS 0.0288

EPSS Percentile 86.7%

Details

CWE

CWE-22

Status published

Products (1)

11in1/11in1 1.2.1 stable_12-31-2011

Published Feb 24, 2012

Tracked Since Feb 18, 2026