CVE-2011-0518
CVE-2011-0518
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 15.8%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Lifecycle
10 Jan 2011Public PoC
20 Jan 2011Published on NVD
03 Mar 2011Metasploit module available
Weaponization speed
41 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/15964unverifiedexploitdbwww.exploit-db.com/exploits/15964unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.