CVE-2012-10034

HIGH

ClanSphere 2011.3 - Local File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-10034. PoCs published by blkhtc0rp, blkhtc0rp, sinn3r, including Metasploit module auxiliary/scanner/http/clansphere_traversal.

AI-analyzed exploit summary This exploit leverages a Local File Include (LFI) vulnerability in ClanSphere 2011.3 via the 'cs_lang' cookie parameter to inject a base64-encoded PHP reverse shell into a log file, which is then executed to establish a reverse shell connection.

Description

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.

Exploits (2)

exploitdb WORKING POC VERIFIED

by blkhtc0rp · textwebappsphp

https://www.exploit-db.com/exploits/22181

View Code ZIP pw:eip

This exploit leverages a Local File Include (LFI) vulnerability in ClanSphere 2011.3 via the 'cs_lang' cookie parameter to inject a base64-encoded PHP reverse shell into a log file, which is then executed to establish a reverse shell connection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ClanSphere 2011.3

No auth needed

Prerequisites: Access to a vulnerable ClanSphere 2011.3 instance · Ability to write to a log file accessible via LFI · Network connectivity to receive the reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by blkhtc0rp, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/clansphere_traversal.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in ClanSphere 2011.3 via the 'cs_lang' parameter, allowing arbitrary file reads. It sends a crafted HTTP request with a traversal payload to retrieve files like '/etc/passwd'.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ClanSphere 2011.3

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/clansphere_traversal.rb

Exploit, VDB Entry exploit

https://www.exploit-db.com/exploits/22181

Product product

https://sourceforge.net/projects/clansphere/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/clansphere-local-file-inclusion-via-cookie

Scores

CVSS v3 7.5

EPSS 0.0128

EPSS Percentile 66.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

ClanSphere Project/ClanSphere 2011.3

csphere/clansphere 2011.3

Published Aug 05, 2025

Tracked Since Feb 18, 2026