Pulse CMS Basic Local File Include Vulnerability Network Vulnerability

Summary

Pulse CMS Basic is prone to a local file-include vulnerability. An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. Pulse CMS Basic 1.2.8 is vulnerable other versions may also be affected.

Solution

Reportedly, the issue is fixed in version 1.2.9, but Symantec has not confirmed this. Please contact the vendor for more information.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4330
http://pulsecms.com/
http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/
https://www.securityfocus.com/bid/45186

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4330

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

7Media Web Solutions EduTrac Directory Traversal Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Apache Archiva Multiple Vulnerabilities

Take action and discover your vulnerabilities