PT-2010-3639 · Lokomedia · Lokomedia Cms
Published
2010-05-24
·
Updated
2010-05-24
·
CVE-2010-2019
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Lokomedia CMS version 1.4.1
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the file parameter in the downlot.php file when magic quotes gpc is disabled.
Recommendations
For Lokomedia CMS version 1.4.1, consider disabling the downlot.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of exploitation.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lokomedia Cms