CVE-2011-10009

high

Description

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.

References

https://www.vulncheck.com/advisories/s40-cms-path-traversal

https://www.exploit-db.com/exploits/17129

https://web.archive.org/web/20120531114058/http://s40.biz/

https://web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb

Details

Source: Mitre, NVD

Published: 2025-08-13

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.0156