Vulnerability Details CVE-2008-3509
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.151
EPSS Ranking 94.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/31389
- http://www.securityfocus.com/bid/30562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44227
- https://www.exploit-db.com/exploits/6209
- https://www.exploit-db.com/exploits/6210
- http://secunia.com/advisories/31389
- http://www.securityfocus.com/bid/30562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44227
- https://www.exploit-db.com/exploits/6209
- https://www.exploit-db.com/exploits/6210