Summary
Wili-CMS is prone to a remote and local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.
Wili-CMS is also prone to an authentication bypass that allows a guest to log in as admin.
Solution
Upgrade to a newer version if available at http://wili-cms.sourceforge.net/
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P