PT-2010-4851 · Primitive · Primitive Cms
Stephan Sattler · Published 2010-09-22 · Updated 2010-09-23
CVE-2010-3483
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Primitive CMS version 1.0.9
Description
The issue allows remote attackers to gain administrative privileges via a direct request to the cms write.php file, which does not properly restrict access. This can be leveraged to conduct cross-site scripting attacks using the title, content, and menutitle parameters.
Recommendations
For Primitive CMS version 1.0.9, restrict access to the cms write.php file to prevent unauthorized requests. As a temporary workaround, consider disabling the cms write.php file until a patch is available. Avoid using the title, content, and menutitle parameters in the affected API endpoint until the issue is resolved.
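The following PHP is an added illustration, not Primitive CMS code and not part of this advisory, of a write handler hardened along the lines of the recommendations above: the handler refuses any request that does not carry an authenticated admin session, accepts writes only via POST with a session-bound CSRF token, and HTML-escapes the title, content and menutitle values whenever they are rendered. Only the three parameter names come from the advisory; the session keys, the `is_admin_session` and `save_page` helpers, the JSON storage file and the length limits are assumptions made for the example.

```php
<?php
// Added example (not Primitive CMS code). Field names title/content/menutitle
// are from the advisory; everything else here is assumed for illustration.
declare(strict_types=1);
session_start();

// 1. Access control: the advisory's issue is a write endpoint reachable by a
//    direct, unauthenticated request. Session layout ($_SESSION['role']) is an
//    assumption for this example.
function is_admin_session(): bool
{
    return isset($_SESSION['user_id'], $_SESSION['role'])
        && $_SESSION['role'] === 'admin';
}

if (!is_admin_session()) {
    http_response_code(403);
    exit('Forbidden');
}

// State-changing writes only over POST, and only with a CSRF token that matches
// the one stored in the admin's session (constant-time comparison).
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals((string) $_SESSION['csrf'], (string) $_POST['csrf'])) {
    http_response_code(400);
    exit('Bad request');
}

// 2. Output encoding: the three parameters were usable for cross-site scripting.
//    Escape every user-controlled value at the point it is written into HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$title     = (string) ($_POST['title'] ?? '');
$content   = (string) ($_POST['content'] ?? '');
$menutitle = (string) ($_POST['menutitle'] ?? '');

// Bound input sizes before storing (limits chosen arbitrarily for the example).
if (strlen($title) > 200 || strlen($menutitle) > 100 || strlen($content) > 100000) {
    http_response_code(413);
    exit('Input too long');
}

// Persistence stand-in: append the page to a JSON file outside the web root.
// A real CMS would use its database layer with prepared statements.
function save_page(string $title, string $content, string $menutitle, string $store): void
{
    $pages = is_file($store)
        ? (json_decode((string) file_get_contents($store), true) ?: [])
        : [];
    $pages[] = [
        'title'     => $title,
        'content'   => $content,
        'menutitle' => $menutitle,
        'author'    => $_SESSION['user_id'],
        'written'   => date('c'),
    ];
    file_put_contents($store, json_encode($pages, JSON_PRETTY_PRINT), LOCK_EX);
}
save_page($title, $content, $menutitle, __DIR__ . '/../data/pages.json');

// Render the stored values with each one escaped; raw $_POST values never
// reach the output.
header('Content-Type: text/html; charset=UTF-8');
echo '<h1>', h($title), '</h1>';
echo '<nav>', h($menutitle), '</nav>';
echo '<div>', nl2br(h($content)), '</div>';
```

The session check at the top is what closes the privilege-escalation path; the escaping at the bottom is what closes the cross-site scripting path. The advisory's temporary workaround (disabling the file) can be achieved without code changes by denying the path at the web server until the handler carries a check like the one shown.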
Affected Products
Primitive Cms