Vulnerability Description
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lokicms | Lokicms | 0.3.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/45866
- http://www.securityfocus.com/archive/1/492877/100/0/threaded
- http://www.securityfocus.com/bid/29448Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42766
- http://osvdb.org/45866
- http://www.securityfocus.com/archive/1/492877/100/0/threaded
- http://www.securityfocus.com/bid/29448Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42766
FAQ
What is CVE-2008-6643?
CVE-2008-6643 is a vulnerability with a CVSS score of 5.0 (MEDIUM). LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settin...
How severe is CVE-2008-6643?
CVE-2008-6643 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6643?
Check the references section above for vendor advisories and patch information. Affected products include: Lokicms Lokicms.