CVE-2011-10009
S40 CMS 0.4.2 Path Traversal
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
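A log check for the request pattern described above, added here as an example (not code from the advisory or from S40 CMS): it flags access-log entries where the p parameter of index.php carries traversal sequences or a null byte after percent-decoding, including double-encoded forms. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line as it appears in a combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with / or \ as separator.
TRAVERSAL_RE = re.compile(rb'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines (documentation IP range, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?p=about HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?p=../../../some/file%00 HTTP/1.1" 200 911',
    '192.0.2.77 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?p=%252e%252e%252fsome%252ffile HTTP/1.1" 200 911',
    '192.0.2.10 - - [01/Jan/2025:10:01:00 +0000] "GET /index.php?p=release..notes HTTP/1.1" 200 4800',
]

def decode_fully(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify(line: str) -> set:
    """Return the indicators found in the p parameter of one log line."""
    hits = set()
    m = REQUEST_RE.search(line)
    if not m:
        return hits
    parts = urlsplit(m.group(1))
    # Assumption: the handler is reached as .../index.php or as a directory index.
    if not parts.path.lower().endswith(("/index.php", "/")):
        return hits
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if name != "p":
            continue
        value = decode_fully(raw)
        if TRAVERSAL_RE.search(value):
            hits.add("traversal")
        if b"\x00" in value:
            hits.add("null-byte")
    return hits

def scan(lines):
    """Return (line number, sorted indicators) for every suspicious line."""
    return [(n, sorted(h)) for n, l in enumerate(lines, 1) if (h := classify(l))]
```

A hit with both indicators and a 200 response is the entry to triage first, since the null byte is what the description ties to bypassing the file extension check.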
| CWE | CWE-22 |
| Vendor | s40 cms |
| Product | s40 cms |
| Published | Aug 13, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
S40 CMS / S40 CMS
0.4.2
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/s40_traversal.rb
exploit-db.com: https://www.exploit-db.com/exploits/17129
web.archive.org: https://web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27
web.archive.org: https://web.archive.org/web/20120531114058/http://s40.biz/
vulncheck.com: https://www.vulncheck.com/advisories/s40-cms-path-traversal
Credits
Osirys