Vulnerability CVE-2008-6643


Published: 2009-04-07   Modified: 2012-02-12

Description:
LokiCMS 0.3.4 and possibly earlier versions do not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

See advisories in our WLB2 database:
Topic: LokiCMS Multiple Vulnerabilities through Authorization weakness (Med.)
Author: Alireza Hassani
Date: 02.06.2008

Type: CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None
Affected software: Lokicms -> Lokicms

References:
http://www.securityfocus.com/archive/1/492877/100/0/threaded
http://www.securityfocus.com/bid/29448
https://exchange.xforce.ibmcloud.com/vulnerabilities/42766

Copyright 2024, cxsecurity.com

 
