Описание
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lovecms:lovecms:1.6.2:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.15097
Средний
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
EPSS
Процентиль: 94%
0.15097
Средний
7.5 High
CVSS2
Дефекты
CWE-94