vendor:
LoveCMS
by:
7.5
CVSS
HIGH
Arbitrary File Upload, Remote File Include, Local File Include, Cross-Site Scripting
CWE
Product Name: LoveCMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple Input-Validation Vulnerabilities in LoveCMS
An attacker can steal authentication credentials, upload arbitrary PHP files, execute files on the vulnerable system, retrieve arbitrary files, and delete files on the server.
Mitigation:
Implement input validation and sanitize user input. Apply security patches and updates.