Pulse CMS Multiple PHP Code Injection Vulnerabilities
BID:38956
Info
Pulse CMS Multiple PHP Code Injection Vulnerabilities
| Bugtraq ID: | 38956 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-0988 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Mar 19 2015 09:32AM |
| Credit: | Secunia Research |
| Vulnerable: |
Pulse CMS Pulse CMS 1.2.2 |
| Not Vulnerable: |
Pulse CMS Pulse CMS 1.2.3 |
Discussion
Pulse CMS Multiple PHP Code Injection Vulnerabilities
Pulse CMS is prone to multiple remote PHP code-injection vulnerabilities
An attacker can exploit these issues to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Pulse CMS 1.2.2 is vulnerable; other versions may also be affected.
Pulse CMS is prone to multiple remote PHP code-injection vulnerabilities
An attacker can exploit these issues to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Pulse CMS 1.2.2 is vulnerable; other versions may also be affected.
Exploit / POC
Pulse CMS Multiple PHP Code Injection Vulnerabilities
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
Pulse CMS Multiple PHP Code Injection Vulnerabilities
Solution:
The vendor released updates to address these issues. Please see the references for more information.
Solution:
The vendor released updates to address these issues. Please see the references for more information.
References
Pulse CMS Multiple PHP Code Injection Vulnerabilities
References:
References:
- Pulse CMS Homepage (Pulse CMS)
- Secunia Research: Pulse CMS Arbitrary File Writing Vulnerability (Secunia Research)
- Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability (Secunia Research)