CVE-2012-0996
Published: 2012-02-24
Priority: P337 | medium | 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 9.79% (94.9th percentile)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 11in1 | 11in1 | — | — |
No detection rules found.
Exploit-DB
11in1 CMS 1.2.1 - '/admin/index.php?class' Traversal Local File Inclusion
exploitdb·2012-02-15
---
source: https://www.securityfocus.com/bid/52025/info
11in1 is prone to a cross-site request-forgery and a local file include vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application.
11in1 1.2.1 is vulnerable; other versions may also be affected.
http://www.example.com/admin/index.php?class=../../../tmp/file%00
Exploit-DB
11in1 CMS 1.2.1 - 'index.php?class' Traversal Local File Inclusion
exploitdb·2012-02-15
---
source: https://www.securityfocus.com/bid/52025/info
11in1 is prone to a cross-site request-forgery and a local file include vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application.
11in1 1.2.1 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?class=../../../tmp/file%00
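The page lists no detection rule, so the following is an added example (not from the advisory, Exploit-DB or the Nuclei template) of one way to flag the requests described above in web-server access logs. It goes slightly beyond the two URLs shown by normalising repeated percent-encoding and backslash separators before checking the `class` parameter. The log lines are constructed, and the log format and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format), not taken from a real host.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Feb/2012:10:01:02 +0000] "GET /index.php?class=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Feb/2012:10:01:09 +0000] "GET /admin/index.php?class=../../../tmp/file%00 HTTP/1.1" 200 311',
    '203.0.113.9 - - [15/Feb/2012:10:02:41 +0000] "GET /index.php?class=%252e%252e%252ftmp%252ffile HTTP/1.1" 200 298',
    '203.0.113.9 - - [15/Feb/2012:10:03:00 +0000] "GET /blog/index.php?class=..%5Cconf HTTP/1.1" 404 0',
    '192.0.2.44 - - [15/Feb/2012:10:04:13 +0000] "GET /about.php?class=../x HTTP/1.1" 200 77',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENTRY_POINTS = ("/index.php", "/admin/index.php")  # the two scripts named in the CVE


def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so a re-encoded value is compared in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return the reasons a log line is suspicious, or [] if it is not."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(ENTRY_POINTS):  # also matches installs under a sub-directory
        return []
    reasons = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("class", []):
        value = fully_decode(raw)
        # A ".." path segment, with either separator, after dropping any NUL bytes.
        if ".." in re.split(r"[\\/]", value.replace("\x00", "")):
            reasons.append("dot-dot segment")
        if "\x00" in value:
            reasons.append("NUL byte")
    return reasons


def scan(lines):
    """Map line index -> reasons, for flagged lines only."""
    return {i: r for i, line in enumerate(lines) if (r := classify(line))}
```
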
Nuclei
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
nuclei·CVSS 5.0
Template:
```yaml
id: CVE-2012-0996
info:
  name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
  author: daffainfo
  severity: medium
  description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and compromise of the affected system.
  remediation: Upgrade to th
```
No writeups or analysis indexed.
Published: 2012-02-24