CVE-2011-4810

Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
whmcswhmcompletesolution
3.0.0
whmcswhmcompletesolution
4.0.0
whmcswhmcompletesolution
4.0.1
whmcswhmcompletesolution
4.0.2
whmcswhmcompletesolution
4.1.0
whmcswhmcompletesolution
4.1.1
whmcswhmcompletesolution
4.1.2
whmcswhmcompletesolution
4.2.0
whmcswhmcompletesolution
4.2.0:beta_r1
whmcswhmcompletesolution
4.2.0:beta_r2
whmcswhmcompletesolution
4.2.0:beta_r3
whmcswhmcompletesolution
4.2.1
whmcswhmcompletesolution
4.3.0
whmcswhmcompletesolution
4.3.1
whmcswhmcompletesolution
4.4.0
whmcswhmcompletesolution
4.4.1
whmcswhmcompletesolution
4.4.2
whmcswhmcompletesolution
4.5.0
whmcswhmcompletesolution
4.5.1
whmcswhmcompletesolution
4.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/18088
http://www.exploit-db.com/exploits/18088