PT-2008-6091 · Lokicms · Lokicms
Condemned
·
Published
2008-11-04
·
Updated
2017-09-29
·
CVE-2008-4913
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
LokiCMS versions 0.3.3 and earlier
Description
The issue allows remote attackers to delete arbitrary files by exploiting a directory traversal vulnerability in the admin.php file. This is achieved by using a .. (dot dot) in the
delete parameter.Recommendations
For LokiCMS versions 0.3.3 and earlier, update to a version later than 0.3.3 to resolve the issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lokicms