Pulse CMS Arbitrary File Deletion Vulnerability
The original article can be found at: http://secunia.com/secunia_research/2010-48/
* Pulse CMS basic version 1.2.2
* Pulse CMS basic version 1.2.3
Input passed via the ‘f’ parameter to delete.php is not properly sanitised before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks.
Successful exploitation requires authentication.
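One way to enforce the missing check, shown as an added example that is not Pulse CMS code and not part of the original advisory: canonicalise the requested name and refuse anything that resolves outside the content directory. The function name resolve_deletable(), the directory layout and the sample file names are assumptions constructed for the demo.

```php
<?php
// Added example: hypothetical hardened check, not Pulse CMS source.
declare(strict_types=1);

// Map a user-supplied name to a canonical path inside $baseDir, or null.
function resolve_deletable(string $baseDir, string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return null; // empty name or embedded NUL byte
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Canonical target must sit below the base directory. The trailing
    // separator stops "/data" from matching a sibling such as "/data-old".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temp directory stands in for the CMS content folder.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . '/data', 0700, true);
file_put_contents($root . '/data/block.txt', 'content');
file_put_contents($root . '/config.txt', 'must survive');

foreach (['block.txt', '../config.txt'] as $f) {
    $path = resolve_deletable($root . '/data', $f);
    if ($path === null) {
        echo "refused: $f\n";
    } else {
        unlink($path);
        echo "deleted: $f\n";
    }
}
```

Comparing canonical paths rather than filtering the raw string means encoded or nested traversal sequences and symlinks are all handled by the same containment test.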
19/03/2010 – Vendor notified.
19/03/2010 – Vendor response.
24/03/2010 – Public disclosure.