What is CVE-2011-10009?

CVE-2011-10009 is a vulnerability in S40 Cms, classified under Path Traversal. Published 2025-08-13.

Is CVE-2011-10009 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in S40 Cms

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be ex…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.686 (98.6th percentile) — read the EPSS interpretation.

Affected products

S40 Cms — versions 0.4.2

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/… (exploit)
www.exploit-db.com/exploits/17129 (exploit)
web.archive.org/web/20110613222630/http://y-osirys.com/security/exploits/id27 (technical-description, exploit)
web.archive.org/web/20120531114058/http://s40.biz/ (product)
www.vulncheck.com/advisories/s40-cms-path-traversal (third-party-advisory)

Frequently asked questions

What is CVE-2011-10009?: CVE-2011-10009 is a vulnerability in S40 Cms, classified under Path Traversal. Published 2025-08-13.
Is CVE-2011-10009 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.