Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by people to compromise a vulnerable system. An error within includes/login.php in the handling of failed login attempts can be exploited to store content in an arbitrary file within the web root. This e.g. allows executing arbitrary PHP code via a specially crafted request. Successful exploitation requires that "register_globals" is enabled.
7d72f52e14d3e1978ae72f73f313631c8265d2d019934dc7e4afc066f96c448dSecunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "filename" and "block" parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.
40307d5c43ea3eab74e5803b290ea245c236721a099a25f9d6231058a5d34a33
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed