Home

Description

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.

PUBLISHED Reserved 2025-08-11 | Published 2025-08-13 | Updated 2025-08-14 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unknown

0.4.2
affected

Credits

Osirys finder

References

raw.githubusercontent.com/...y/scanner/http/s40_traversal.rb exploit

www.exploit-db.com/exploits/17129 exploit

web.archive.org/...ttp://y-osirys.com/security/exploits/id27 technical-description exploit

web.archive.org/web/20120531114058/http://s40.biz/ product

www.vulncheck.com/advisories/s40-cms-path-traversal third-party-advisory

cve.org (CVE-2011-10009)

nvd.nist.gov (CVE-2011-10009)

Download JSON