PT-2011-2417 · Lotus · Lotuscms Fraise

Mr_Me

Published

2011-01-20

Updated

2017-08-17

CVE-2011-0518

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LotusCMS Fraise version 3.0

Description A directory traversal issue exists in the core/lib/router.php file of LotusCMS Fraise. This issue allows remote attackers to include and execute arbitrary local files when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the system parameter to the "index.php" endpoint.

Recommendations For LotusCMS Fraise version 3.0, consider disabling the magic quotes gpc setting or restricting access to the system parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, restrict the execution of arbitrary local files to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2011-0518

Affected Products

Lotuscms Fraise

PT-2011-2417 · Lotus · Lotuscms Fraise

CVE-2011-0518

Weakness Enumeration

Related Identifiers

Affected Products

References · 9