Vulnerability: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.

Impact

Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and compromise of the affected system.

Severity

medium

Verified

Unknown