CVE-2008-6643
LokiCMS 0.3.4 (and possibly earlier) is affected by an access-control bypass in administrative functions. The issue allows remote attackers to bypass restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php. Affected component/function: LokiCMS ...