‘Pulse CMS login.php Arbitrary File Writing Vulnerability’

Summary

A vulnerability was discovered in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system.’

Credit:

‘The original article can be found at: http://secunia.com/secunia_research/2010-45/


Details

Vulnerable Systems:
 * Pulse CMS basic version 1.2.2

Immune Systems:
 * Pulse CMS basic version 1.2.3

An error within includes/login.php in the handling of failed login attempts can be exploited to store content in an arbitrary file within the web root. This e.g. allows executing arbitrary PHP code via a specially crafted request.

Successful exploitation requires that ‘register_globals’ is enabled.

CVE Information:
CVE-2010-0988

Disclosure Timeline:
19/03/2010 – Vendor notified.
19/03/2010 – Vendor response.
24/03/2010 – Public disclosure.’

Categories: UNIX