Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

ClanSphere Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in ClanSphere version 2011.3. This issue arises from improper handling of the 'cs_lang' cookie parameter, which allows directory traversal and the reading of arbitrary files outside the web root. The vulnerability can be exploited by injecting null bytes to bypass file extension checks.

Impact

Exploitation of this vulnerability allows for local file inclusion, which could lead to unauthorized access to sensitive files on the server. Additionally, according to VulnCheck, this vulnerability could be exploited to execute a reverse shell.

Reproduction

The vulnerability can be reproduced by sending a crafted request that includes a 'cs_lang' cookie with a payload designed to traverse directories and access files outside the web root. This can be done using a tool like curl or through a Metasploit module available in the Metasploit Framework.
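A detection sketch for the 'cs_lang' cookie abuse described above, added here as an example and not taken from ClanSphere, VulnCheck, or Metasploit. It assumes legitimate language names are short plain tokens such as "English"; the function names, reason labels, and sample Cookie headers are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: a legitimate cs_lang value is a short plain token, e.g. "English".
SAFE_LANG = re.compile(rb"[A-Za-z0-9_-]{1,32}")
CHECKS = ((b"\x00", "nul-byte"), (b"..", "dot-dot"),
          (b"/", "path-separator"), (b"\\", "path-separator"))

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    data = raw.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def cs_lang_values(cookie_header):
    """Yield every cs_lang value in a Cookie header, duplicates included."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "cs_lang":
            yield value

def classify(value):
    """Return the reasons a cs_lang value is suspicious (empty list = clean)."""
    data = decode_fully(value)
    reasons = sorted({label for needle, label in CHECKS if needle in data})
    if not reasons and not SAFE_LANG.fullmatch(data):
        reasons.append("not-allow-listed")
    return reasons

def scan(cookie_headers):
    """Map header index -> reasons for each header with a bad cs_lang value."""
    findings = {}
    for i, header in enumerate(cookie_headers):
        reasons = sorted({r for v in cs_lang_values(header) for r in classify(v)})
        if reasons:
            findings[i] = reasons
    return findings

# Constructed Cookie headers (not captured traffic); TARGET is a placeholder.
SAMPLES = [
    "PHPSESSID=abc123; cs_lang=English",
    "cs_lang=../../TARGET%00",
    "cs_lang=%252e%252e%252fTARGET%2500; theme=dark",
    "cs_lang=Deutsch (alt)",
]
```

The same allow-list test, applied server-side before the cookie value reaches any file path, is the corresponding input-validation control.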

Added: Aug 5, 2025, 8:53 PM
Updated: Aug 5, 2025, 10:36 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.3
exploitability: 10.0
remediation: 0.0
relevance: 0.3
threat: 8.5
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.