Vulnerability Details : CVE-2011-0518
Public exploit exists!
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2011-0518
Probability of exploitation activity in the next 30 days: 48.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-0518
-
LotusCMS 3.0 eval() Remote Command Execution
Disclosure Date: 2011-03-03First seen: 2020-04-26exploit/multi/http/lcms_php_execThis module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick
CVSS scores for CVE-2011-0518
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2011-0518
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0518
-
http://www.exploit-db.com/exploits/15964
Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution - PHP webapps ExploitExploit
-
http://www.vupen.com/english/advisories/2011/0073
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64736
LotusCMS index.php file include CVE-2011-0518 Vulnerability Report
Products affected by CVE-2011-0518
- cpe:2.3:a:lotuscms:fraise:3.0:*:*:*:*:*:*:*