216.73.217.64

CVE-2011-10009

· Published 13/08/2025 21:15 · Modified 13/08/2025 21:15

Labels: CVE-2011-10009 2025-08-13CVE-2011-10009CWE-22[email protected]

Essential information

Published
13/08/2025 21:15
Modified
13/08/2025 21:15
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
s40 / s40 cms cpe:2.3:a:s40:s40_cms:0.4.2:*:*:*:*:*:*:*

References