High severityNVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2011-10009

Description

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rbnvd
web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27nvd
web.archive.org/web/20120531114058/http://s40.biz/nvd
www.exploit-db.com/exploits/17129nvd
www.vulncheck.com/advisories/s40-cms-path-traversalnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.039
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000