‘Pulse CMS Arbitrary File Writing Vulnerability’

Summary

A vulnerability was discovered in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system.’

Credit:

‘The original article can be found at: http://secunia.com/secunia_research/2010-51/


Details

Vulnerable Systems:
 * Pulse CMS basic version 1.2.2

Immune Systems:
 * Pulse CMS basic version 1.2.3

Input passed via the ‘filename’ and ‘block’ parameters to view.php is not properly sanitised before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code.

Successful exploitation requires authentication.

CVE Information:
CVE-2010-0988

Disclosure Timeline:
19/03/2010 – Vendor notified.
19/03/2010 – Vendor response.
24/03/2010 – Public disclosure.’

Categories: UNIX