CVE-2018-17934

CRITICAL

NUUO CMS < 3.3 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17934. PoCs published by Pedro Ribeiro, including Metasploit module auxiliary/gather/nuuo_cms_file_download.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated arbitrary file download vulnerability in Nuuo Central Management Server (CMS) by leveraging directory traversal to retrieve sensitive configuration files containing credentials and SQL Server passwords.

Description

In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.

Exploits (1)

metasploit WORKING POC
by Pedro Ribeiro · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/nuuo_cms_file_download.rb

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Nuuo Central Management Server up to and including 3.5
Auth required
Prerequisites: Authenticated session or valid credentials (default credentials may work)
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Scores

CVSS v3 9.8
EPSS 0.1965
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-22
Status published
Products (1)
nuuo/nuuo_cms < 3.3
Published Nov 27, 2018
Tracked Since Feb 18, 2026