Описание
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.8 (включая)
Одно из
cpe:2.3:a:pulsecms:pulse_cms:*:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.0:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.01:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.1:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.1:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.2:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.3:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.4:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.5:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.6:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.2.7:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.15:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.16:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.17:-:basic:*:*:*:*:*
cpe:2.3:a:pulsecms:pulse_cms:1.18:-:basic:*:*:*:*:*
EPSS
Процентиль: 91%
0.06851
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
EPSS
Процентиль: 91%
0.06851
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-22