PT-2010-2711 · Pulse · Pulse Cms

Published: 2010-03-26 · Updated: 2018-10-10 · CVE-2010-0988

CVSS v2.0: 6.0 Medium

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Pulse CMS versions prior to 1.2.3

Description

The issue involves multiple unspecified vulnerabilities. These vulnerabilities allow remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php. Additionally, remote authenticated users can write to arbitrary files and execute arbitrary PHP code via vectors involving the filename and block parameters to view.php.

Recommendations

For Pulse CMS versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the includes/login.php and view.php files until a patch is available. Avoid using the filename and block parameters in the view.php file until the issue is resolved.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2010-0988

Affected Products

Pulse Cms