Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-0518

EPSS 69.38% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-0518

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
LotusCMS Fraise core/lib/router.php目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
当magic_quotes_gpc禁用时,LotusCMS Fraise 3.0中的core/lib/router.php中存在目录遍历漏洞。远程攻击者可以借助向index.php传递的system参数包含并执行任意本地文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2011-0518

#POC DescriptionSource LinkShenlong Link
1LotusCMS 3.0 is susceptible to remote code execution via the Router () function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2011/CVE-2011-0518.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2011-0518

Please Login to view more intelligence information

Same Patch Batch · n/a · 2011-01-20 · 37 CVEs total

CVE-2011-0510Advanced Webhost Billing System cart.php SQL注入漏洞
CVE-2011-0502Musanim Music Animation Machine MIDI Player拒绝服务漏洞
CVE-2011-0503VaM Shop跨站请求伪造漏洞
CVE-2011-0504VaM Shop多个跨站脚本攻击漏洞
CVE-2011-0505Zwii system/system.php 目录遍历漏洞
CVE-2011-0506Tsixm Ax Developer CMS modules/profile/user.php 目录遍历漏洞
CVE-2011-0507Blackmoon FTP FTPService.exe拒绝服务漏洞
CVE-2011-0508Contao CMS system/modules/comments/Comments.php文件跨站脚本攻击漏洞
CVE-2011-0509Vaadin 跨站脚本攻击漏洞
CVE-2011-0501Musanim Music Animation Machine MIDI Player栈缓冲区溢出漏洞
CVE-2011-0511Joomtraders allCineVid组件SQL注入漏洞
CVE-2011-0512Jikaka PHP-Fusion Teams Structure模块team.php SQL注入漏洞
CVE-2011-0513SecurStar DriveCrypt DCR.sys驱动程序任意代码执行漏洞
CVE-2011-0514HP Data Protector Manager RDS服拒绝服务漏洞
CVE-2011-0515Kingsoft AntiVirus 2011 KisKrnl.sys拒绝服务漏洞
CVE-2011-0516E-PROMPT C BetMore Site Suite mainx_a.php SQL注入漏洞
CVE-2011-0517Sielco Sistemi Winlog Pro栈缓冲区溢出漏洞
CVE-2011-0519Gallarific PHP Photo Gallery脚本gallery.php SQL注入漏洞
CVE-2010-4702Fxwebdesign Jradio(com_jradio)组件SQL注入漏洞
CVE-2010-3928Wayneeseguin Ruby Version Manager脱离序列注入漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2011-0518

No comments yet

Leave a comment