vendor:
LokiCMS
by:
__GiReX__
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: LokiCMS
Affected Version From: 2000.3.4
Affected Version To: 2000.3.4
Patch Exists: NO
Related CWE: N/A
CPE: a:lokicms:lokicms:0.3.4
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
LokiCMS 0.3.4 Remote Command Execution Exploit
LokiCMS is still vulnerable to Remote Command Execution. The exploit changed becouse the vars changed but the bugged function is the same: writeconfig(). LokiCMS does not check the access to admin.php via POST.
Mitigation:
Ensure that the application is not vulnerable to Remote Command Execution.