Vulnerability Description
Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
CVSS Score
5.5
MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pulsecms | Pulse Cms | <= 1.2.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/39011Vendor Advisory
- http://secunia.com/secunia_research/2010-48/Vendor Advisory
- http://www.osvdb.org/63167
- http://www.securityfocus.com/archive/1/510307/100/0/threaded
- http://www.securityfocus.com/bid/38947
- http://secunia.com/advisories/39011Vendor Advisory
- http://secunia.com/secunia_research/2010-48/Vendor Advisory
- http://www.osvdb.org/63167
- http://www.securityfocus.com/archive/1/510307/100/0/threaded
- http://www.securityfocus.com/bid/38947
FAQ
What is CVE-2010-0989?
CVE-2010-0989 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
How severe is CVE-2010-0989?
CVE-2010-0989 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0989?
Check the references section above for vendor advisories and patch information. Affected products include: Pulsecms Pulse Cms.