CVE-2010-1334 — MEDIUM (6.0)

Vulnerability Description

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993.

CVSS Score

6.0

MEDIUM

AV:N/AC:M/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Pulsecms	Pulse Cms	1.2.4

References

http://secunia.com/advisories/39046Vendor Advisory
http://secunia.com/advisories/39046Vendor Advisory

FAQ

What is CVE-2010-1334?

CVE-2010-1334 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extensio...

How severe is CVE-2010-1334?

CVE-2010-1334 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1334?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsecms Pulse Cms.