cbcvebase.
CVE-2011-10009
published 2025-08-13

CVE-2011-10009: S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse…

PriorityP264high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.56%
72.1th percentile
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.

Affected

1 ranges
VendorProductVersion rangeFixed in
s40_cmss40_cms

Detection & IOCsextracted from sources · hover to see the quote

url/index.php?p=../../../../../../etc/passwd%00
path/index.php
  • Monitor HTTP requests to index.php where the 'p' parameter contains directory traversal sequences (e.g., '../') or null byte characters ('%00'), which are used to bypass file extension checks.
  • The exploit targets the 'page' function via the '$pid' parameter in S40 CMS; alert on requests to index.php with path traversal patterns in the 'p' query parameter.
  • No authentication is required to exploit this vulnerability; unauthenticated GET requests to index.php with traversal sequences should be treated as high-severity alerts.
  • ·Vulnerability is specific to S40 CMS version 0.4.2 only; verify the installed version before applying detections to avoid false positives on other versions.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.