Vulnerability Description
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pulsecms | Pulse Cms | <= 1.2.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/39011Vendor Advisory
- http://secunia.com/secunia_research/2010-45/Vendor Advisory
- http://secunia.com/secunia_research/2010-51/Vendor Advisory
- http://www.osvdb.org/63166
- http://www.osvdb.org/63168
- http://www.securityfocus.com/archive/1/510299/100/0/threaded
- http://www.securityfocus.com/archive/1/510300/100/0/threaded
- http://www.securityfocus.com/bid/38956
- http://secunia.com/advisories/39011Vendor Advisory
- http://secunia.com/secunia_research/2010-45/Vendor Advisory
- http://secunia.com/secunia_research/2010-51/Vendor Advisory
- http://www.osvdb.org/63166
- http://www.osvdb.org/63168
- http://www.securityfocus.com/archive/1/510299/100/0/threaded
- http://www.securityfocus.com/archive/1/510300/100/0/threaded
FAQ
What is CVE-2010-0988?
CVE-2010-0988 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login f...
How severe is CVE-2010-0988?
CVE-2010-0988 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0988?
Check the references section above for vendor advisories and patch information. Affected products include: Pulsecms Pulse Cms.