Lokicms: >> Lokicms >> 0.3.4 Security Vulnerabilities
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
CVSS Score
5.0
EPSS Score
0.015
Published
2009-04-07
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVSS Score
6.8
EPSS Score
0.059
Published
2008-10-22