LotusCMS Multiple PHP Code Execution Vulnerabilities
BID:52349
Info
| Bugtraq ID: | 52349 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2011 12:00AM |
| Updated: | Mar 15 2011 12:00AM |
| Credit: | Secunia Research |
| Vulnerable: | LotusCMS LotusCMS 3.0.4, LotusCMS LotusCMS 3.0.3 |
| Not Vulnerable: | |
Discussion
LotusCMS is prone to multiple PHP code-execution vulnerabilities.
An attacker can exploit these issues to inject and execute arbitrary malicious PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system. Other attacks are possible; however, this requires 'stats' to be public.
LotusCMS 3.0.3 and 3.0.5 are vulnerable.
Exploit / POC
The following exploits are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- LotusCMS Homepage (LotusCMS)
- LotusCMS Two PHP Code Execution Vulnerabilities (Secunia)