5 matches found
CVE-2008-5965
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magicquotesgpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. dot dot in the page parameter...
Directory traversal
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter...
lokicms-lfi.txt
LokiCMS 0.3.4 admin.php Create Local File Inclusion Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not responsibl...
LokiCMS 0.3.4 - index.php Arbitrary Check File
LokiCMS 0.3.4 - index.php Arbitrary Check File LokiCMS = 0.3.4 index.php page Arbitrary Check File Exploit url: http://www.lokicms.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it ...
LokiCMS admin.php文件绕过安全限制漏洞
BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...