CVE-2012-4878

NUCLEI

FlatnuX CMS 2011 08.09.2 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4878. PoCs published by Vulnerability Laboratory. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in Flatnux, including HTML injection, CSRF, and directory traversal. It includes a sample exploit URL for directory traversal but lacks executable code.

Description

Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vulnerability Laboratory · text · webapps · php
https://www.exploit-db.com/exploits/37034

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Flatnux 2011-08.09.2, Flatnux 2011-2012-01.03.3, Flatnux 2011-minimal-2012-01.03.3, Fncommerce 2010-08-09-no-db, Fncommerce 2010-08-09-no-sample-data, Fncommerce 2010-08-09-with-sample-data, Fncommerce 2010-12-17-no-db, Fncommerce 2010-12-17-no-sample-data, Fncommerce 2010-12-17-with-sample-data
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

FlatnuX CMS - Directory Traversal
MEDIUM · by daffainfo

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74568
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52846

Scores

EPSS 0.0282
EPSS Percentile 86.5%

Details

CWE: CWE-22
Status: published
Products (1)
flatnux/flatnux 2011-08-09-2
Published Sep 06, 2012
Tracked Since Feb 18, 2026