Lucene search

PRIOn knowledge basePRION:CVE-2010-0988

HistoryMar 26, 2010 - 6:30 p.m.

Design/Logic Flaw

2010-03-2618:30:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.2%

JSON

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

CPENameOperatorVersion
pulse_cmseq1.2.1
pulse_cmsle1.2.2
pulse_cmseq1.18
pulse_cmseq1.15
pulse_cmseq1.0
pulse_cmseq1.16
pulse_cmseq1.1
pulse_cmseq1.17
pulse_cmseq1.01
pulse_cmseq1.2

Name	Operator	Version
pulse_cms	eq	1.2.1
pulse_cms	le	1.2.2
pulse_cms	eq	1.18
pulse_cms	eq	1.15
pulse_cms	eq	1.0
pulse_cms	eq	1.16
pulse_cms	eq	1.1
pulse_cms	eq	1.17
pulse_cms	eq	1.01
pulse_cms	eq	1.2

References

secunia.com/advisories/39011

secunia.com/secunia_research/2010-45/

secunia.com/secunia_research/2010-51/

www.osvdb.org/63166

www.osvdb.org/63168

www.securityfocus.com/archive/1/510299/100/0/threaded

www.securityfocus.com/archive/1/510300/100/0/threaded

www.securityfocus.com/bid/38956

7.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.2%

JSON

Related for PRION:CVE-2010-0988