FKIE_CVE-2011-10009

Vulnerability from fkie_nvd - Published: 2025-08-13 21:15 - Updated: 2025-08-14 15:15
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
References
disclosure@vulncheck.comhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb
disclosure@vulncheck.comhttps://web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27
disclosure@vulncheck.comhttps://web.archive.org/web/20120531114058/http://s40.biz/
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/17129
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/s40-cms-path-traversal
134c704f-9b21-4f2e-91b3-4a467353bcc0https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "disclosure@vulncheck.com",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks."
    },
    {
      "lang": "es",
      "value": "S40 CMS v0.4.2 contiene una vulnerabilidad de path traversal en su controlador de p\u00e1gina index.php. El par\u00e1metro p no est\u00e1 correctamente depurado, lo que permite a los atacantes recorrer el sistema de archivos y acceder a archivos arbitrarios fuera de la ra\u00edz web. Esto puede explotarse remotamente sin autenticaci\u00f3n a\u00f1adiendo secuencias de recorrido y un byte nulo para eludir las comprobaciones de extensi\u00f3n de archivo."
    }
  ],
  "id": "CVE-2011-10009",
  "lastModified": "2025-08-14T15:15:27.987",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-13T21:15:27.020",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://web.archive.org/web/20120531114058/http://s40.biz/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/17129"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.vulncheck.com/advisories/s40-cms-path-traversal"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.