Wili-CMS Remote And Local File Inclusion And Authentication Bypass Network Vulnerability

Summary

Wili-CMS is prone to a remote and local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue can allow an attacker to compromise the application and the underlying computer other attacks are also possible. Wili-CMS is also prone to a Authentication Bypass which allows a guest to login as admin.

Solution

Upgrade to a newer version if available at http://wili-cms.sourceforge.net/

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 Redirection and Security Bypass Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability
Astium VoIP PBX SQL Injection Vulnerability

Wili-CMS remote and local File Inclusion and Authentication Bypass

Take action and discover your vulnerabilities