Design/Logic Flaw

2009-04-0714:17:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

JSON

LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

CPENameOperatorVersion
lokicmseq0.3.4

CPE	Name	Operator	Version
	lokicms	eq	0.3.4

References

osvdb.org/45866

www.securityfocus.com/archive/1/492877/100/0/threaded

www.securityfocus.com/bid/29448

exchange.xforce.ibmcloud.com/vulnerabilities/42766