{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-12-14T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "18088", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18088"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4810", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18088", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18088"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:16:35.012Z"}, "title": "CVE Program Container", "references": [{"name": "18088", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/18088"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4810", "datePublished": "2011-12-14T00:00:00.000Z", "dateReserved": "2011-12-13T00:00:00.000Z", "dateUpdated": "2024-09-16T18:24:44.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FAE9844C-3100-4156-B2AB-0943AFE1B54C", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2AD4B2D-E964-44CA-8876-99B90FF3115F", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "CBF47C26-16E7-4FF6-8C32-7E613DFC6C5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0BE2826-A35D-439D-B698-0E48CF78950D", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "65E22213-2656-4A6E-93DF-82FCFF6A757B", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C0DC052-A1F6-4A64-8760-5F43F0662017", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA985700-B7B0-4D21-BEA2-B4B528AB3224", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "457D9958-4918-4B13-8755-53E30E20DA8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.2.0:beta_r1:*:*:*:*:*:*", "matchCriteriaId": "6F06C120-8FB8-405C-BCA1-165E1220E41F", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.2.0:beta_r2:*:*:*:*:*:*", "matchCriteriaId": "1DC4003A-3291-404B-A611-AE5ECB653A51", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.2.0:beta_r3:*:*:*:*:*:*", "matchCriteriaId": "E2D1C1E4-8DFB-4C6F-AC4C-B1AFDFB08905", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7B2828A-2760-4833-B598-B577367C2641", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7020787-BDD3-4F06-A7F1-C96D30287346", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1EB7AEF-3CB2-445C-95E7-D75113E096DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE649BF1-1D8D-4130-BE24-1B9296B97B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDD91F12-FE2B-48C5-AA65-B951E4F865C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BAC98C21-371D-4272-A4D6-4BCB579F4987", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "04294CF0-08F0-4068-AA90-989EB01DCCE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F45FA57-BEDF-4F57-A21D-A43063C081AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:whmcs:whmcompletesolution:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD5B5029-B552-4361-9076-62E54BE1D85E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en WHMCompleteSolution (WHMCS) v3.x y v4.x, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s del par\u00e1metro templatefile de (1) submitticket.php y (2) downloads.php, y (3) el par\u00e1metro report de admin/reports.php."}], "id": "CVE-2011-4810", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-14T00:55:19.293", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18088"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}