CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
93.0%
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
Vendor | Product | Version | CPE |
---|---|---|---|
lokicms | lokicms | * | cpe:2.3:a:lokicms:lokicms:*:*:*:*:*:*:*:* |
lokicms | lokicms | 0.1.0 | cpe:2.3:a:lokicms:lokicms:0.1.0:*:*:*:*:*:*:* |
lokicms | lokicms | 0.1.0rc1 | cpe:2.3:a:lokicms:lokicms:0.1.0rc1:*:*:*:*:*:*:* |
lokicms | lokicms | 0.2.0 | cpe:2.3:a:lokicms:lokicms:0.2.0:*:*:*:*:*:*:* |
lokicms | lokicms | 0.3.0 | cpe:2.3:a:lokicms:lokicms:0.3.0:*:*:*:*:*:*:* |
lokicms | lokicms | 0.3.1b1 | cpe:2.3:a:lokicms:lokicms:0.3.1b1:*:*:*:*:*:*:* |
lokicms | lokicms | 0.3.1b2 | cpe:2.3:a:lokicms:lokicms:0.3.1b2:*:*:*:*:*:*:* |
lokicms | lokicms | 0.3.2b1 | cpe:2.3:a:lokicms:lokicms:0.3.2b1:*:*:*:*:*:*:* |