CVE-2010-0988

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pulsecms:pulse_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.0:-:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.01:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.15:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.16:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.17:*:*:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.18:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://secunia.com/advisories/39011 - Vendor Advisory () http://secunia.com/advisories/39011 - Vendor Advisory
References () http://secunia.com/secunia_research/2010-45/ - Vendor Advisory () http://secunia.com/secunia_research/2010-45/ - Vendor Advisory
References () http://secunia.com/secunia_research/2010-51/ - Vendor Advisory () http://secunia.com/secunia_research/2010-51/ - Vendor Advisory
References () http://www.osvdb.org/63166 - () http://www.osvdb.org/63166 -
References () http://www.osvdb.org/63168 - () http://www.osvdb.org/63168 -
References () http://www.securityfocus.com/archive/1/510299/100/0/threaded - () http://www.securityfocus.com/archive/1/510299/100/0/threaded -
References () http://www.securityfocus.com/archive/1/510300/100/0/threaded - () http://www.securityfocus.com/archive/1/510300/100/0/threaded -
References () http://www.securityfocus.com/bid/38956 - () http://www.securityfocus.com/bid/38956 -

Information

Published : 2010-03-26 18:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-0988

Mitre link : CVE-2010-0988

CVE.ORG link : CVE-2010-0988


JSON object : View

Products Affected

pulsecms

  • pulse_cms
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')