Vulnerability Details CVE-2010-0988
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 6.0
References
- http://secunia.com/advisories/39011
- http://secunia.com/secunia_research/2010-45/
- http://secunia.com/secunia_research/2010-51/
- http://www.osvdb.org/63166
- http://www.osvdb.org/63168
- http://www.securityfocus.com/archive/1/510299/100/0/threaded
- http://www.securityfocus.com/archive/1/510300/100/0/threaded
- http://www.securityfocus.com/bid/38956
- http://secunia.com/advisories/39011
- http://secunia.com/secunia_research/2010-45/
- http://secunia.com/secunia_research/2010-51/
- http://www.osvdb.org/63166
- http://www.osvdb.org/63168
- http://www.securityfocus.com/archive/1/510299/100/0/threaded
- http://www.securityfocus.com/archive/1/510300/100/0/threaded
- http://www.securityfocus.com/bid/38956
Products affected by CVE-2010-0988
-
cpe:2.3:a:pulsecms:pulse_cms:1.0
-
cpe:2.3:a:pulsecms:pulse_cms:1.01
-
cpe:2.3:a:pulsecms:pulse_cms:1.1
-
cpe:2.3:a:pulsecms:pulse_cms:1.15
-
cpe:2.3:a:pulsecms:pulse_cms:1.16
-
cpe:2.3:a:pulsecms:pulse_cms:1.17
-
cpe:2.3:a:pulsecms:pulse_cms:1.18
-
cpe:2.3:a:pulsecms:pulse_cms:1.2
-
cpe:2.3:a:pulsecms:pulse_cms:1.2.1
-
cpe:2.3:a:pulsecms:pulse_cms:1.2.2