Pulse CMS Arbitrary File Writing Vulnerability
The original article can be found at: http://secunia.com/secunia_research/2010-51/
* Pulse CMS basic version 1.2.2
* Pulse CMS basic version 1.2.3
Input passed via the ‘filename’ and ‘block’ parameters to view.php is not properly sanitised before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code.
Successful exploitation requires authentication.
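The missing check on the 'filename' parameter described above can be illustrated with a hardened writer. This is an added example, not Pulse CMS code or the vendor's fix; the block directory, the fixed `.html` extension and all function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened block writer, not Pulse CMS code.
const BLOCK_DIR = __DIR__ . '/blocks';  // assumption: where editable blocks live
const BLOCK_EXT = '.html';              // assumption: fixed, non-executable type

// Allow-list for the request-supplied name: no path separators, dots,
// null bytes or caller-chosen extension can pass.
function is_valid_block_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) === 1;
}

// Map a validated name to a path inside BLOCK_DIR, or return null.
function resolve_block_path(string $name): ?string
{
    $base = realpath(BLOCK_DIR);
    if ($base === false || !is_valid_block_name($name)) {
        return null;
    }
    // The extension is fixed by the server, never taken from the request.
    $path = $base . DIRECTORY_SEPARATOR . $name . BLOCK_EXT;
    // Only existing regular files may be overwritten: the request cannot
    // create new files, and a symlink in the directory is refused.
    if (is_link($path) || !is_file($path)) {
        return null;
    }
    return $path;
}

// Write block content; returns false when the name is rejected or the write fails.
function save_block(string $name, string $content): bool
{
    $path = resolve_block_path($name);
    if ($path === null) {
        return false;
    }
    return file_put_contents($path, $content, LOCK_EX) !== false;
}

// Constructed sample names: only the first passes validation.
foreach (['sidebar', '../index', 'notes.php', 'a/b'] as $candidate) {
    printf("%-10s %s\n", $candidate, is_valid_block_name($candidate) ? 'ok' : 'rejected');
}
```

Constraining the file name does not constrain the content: if an application loads stored blocks with `include`, PHP tags inside a block still execute, so blocks should be emitted with `readfile()` or escaped output instead.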
19/03/2010 – Vendor notified.
19/03/2010 – Vendor response.
24/03/2010 – Public disclosure.