Pulse CMS 'delete.php' Arbitrary File Deletion Vulnerability
BID:38947
Info
| Bugtraq ID: | 38947 |
| Class: | Design Error |
| CVE: | CVE-2010-0989 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Mar 19 2015 09:14AM |
| Credit: | Secunia Research |
| Vulnerable: | Pulse CMS 1.2.2 |
| Not Vulnerable: | Pulse CMS 1.2.3 |
Discussion
Pulse CMS is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the webserver.
Attackers can exploit this issue with directory-traversal strings ('../') to delete arbitrary files; this may aid in launching further attacks.
Pulse CMS 1.2.2 is vulnerable; prior versions may also be affected.
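One way to close this class of bug, as an added example that is not Pulse CMS or vendor code: resolve the requested name with realpath() and refuse to delete anything that lands outside the managed directory. The function name safe_delete() and the demo directory layout are assumptions made for illustration.

```php
<?php
// Added example: containment check before deleting a user-named file.
// safe_delete() and the demo paths are hypothetical, not Pulse CMS code.
declare(strict_types=1);

function safe_delete(string $requested, string $baseDir): bool
{
    // Reject empty names and embedded NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // realpath() collapses '../' and './' and follows symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;
    }
    // The resolved path must sit strictly inside the base directory.
    // The trailing separator stops prefix matches such as "uploads-old".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only regular files may be removed, never directories.
    if (!is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo: one file inside the managed directory, one outside it.
$root = sys_get_temp_dir() . '/delete_demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/old.txt", 'x');
file_put_contents("$root/config.php", 'x');

var_dump(safe_delete('old.txt', "$root/uploads"));       // name inside the directory
var_dump(safe_delete('../config.php', "$root/uploads")); // traversal attempt
var_dump(file_exists("$root/config.php"));               // state of the outside file

// Remove the demo tree.
unlink("$root/config.php");
rmdir("$root/uploads");
rmdir($root);
```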
Exploit / POC
Attackers can exploit this issue using a browser.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for details.
References
References:
- Pulse CMS Homepage (Pulse CMS)
- Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability (Secunia Research)