Vulnerability Details CVE-2008-3509
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.072
EPSS Ranking 91.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/31389
- http://www.securityfocus.com/bid/30562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44227
- https://www.exploit-db.com/exploits/6209
- https://www.exploit-db.com/exploits/6210
- http://secunia.com/advisories/31389
- http://www.securityfocus.com/bid/30562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44227
- https://www.exploit-db.com/exploits/6209
- https://www.exploit-db.com/exploits/6210