CVE-2010-0988

Published: Mar 26, 2010Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

Affected (10)

Products: Pulsecms: Pulse Cms

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Pulsecms Pulse Cms	Up to 1.2.2
Pulsecms Pulse Cms	Version 1.01
Pulsecms Pulse Cms	Version 1.0
Pulsecms Pulse Cms	Version 1.15
Pulsecms Pulse Cms	Version 1.16
Pulsecms Pulse Cms	Version 1.17
Pulsecms Pulse Cms	Version 1.18
Pulsecms Pulse Cms	Version 1.1
Pulsecms Pulse Cms	Version 1.2.1
Pulsecms Pulse Cms	Version 1.2

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

http://secunia.com/advisories/39011

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2010-45/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2010-51/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.osvdb.org/63166

Source: PSIRT-CNA@flexerasoftware.com

http://www.osvdb.org/63168

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/510299/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/510300/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/38956

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/39011

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2010-45/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2010-51/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/63166

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/63168

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/510299/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/510300/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38956

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.