Pulsecms: >> Pulse Cms >> 1.2.4 Security Vulnerabilities
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
CVSS Score
6.8
EPSS Score
0.069
Published
2010-12-07
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different vulnerability than CVE-2010-0993.
CVSS Score
6.0
EPSS Score
0.01
Published
2010-04-09