Summary
Pulse CMS Basic is prone to a local file-include vulnerability.
An attacker can exploit this issue to include arbitrary local files and execute PHP code on the affected computer in the context of the webserver process. This may facilitate a compromise of the application and the underlying system
other attacks are also possible.
Pulse CMS Basic 1.2.8 is vulnerable
other versions may also be
affected.
Solution
Reportedly, the issue is fixed in version 1.2.9, but Symantec has not confirmed this. Please contact the vendor for more information.
References
Severity
Classification
-
CVE CVE-2010-4330 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- A Really Simple Chat Multiple XSS Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Subversion Module Metadata Accessible
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities