Lucene search
K

5 matches found

Cvelist
Cvelist
added 2009/01/26 8:0 p.m.30 views

CVE-2008-5965

Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magicquotesgpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. dot dot in the page parameter...

6.8AI score0.06418EPSS
Exploits1References5
Prion
Prion
added 2008/10/22 2:10 a.m.12 views

Directory traversal

Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter...

6.8CVSS7.6AI score0.02436EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2008/10/13 12:0 a.m.21 views

lokicms-lfi.txt

LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not responsibl...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/10/12 12:0 a.m.16 views

LokiCMS 0.3.4 - index.php Arbitrary Check File

LokiCMS 0.3.4 - index.php Arbitrary Check File LokiCMS = 0.3.4 index.php page Arbitrary Check File Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it ...

Exploits0
seebug.org
seebug.org
added 2008/06/03 12:0 a.m.20 views

LokiCMS admin.php文件绕过安全限制漏洞

BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...

6.8AI score
Exploits0
Rows per page
Query Builder