Description
Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.
Below is a complete list of vulnerabilities
- Open redirect vulnerabilities can be exploited remotely via a specially designed cookie;
- Directore traversal vulnerability can be exploited remotely via a specially designed file parameter;
- Lack of input restrictions can be exploited remotely via vrctors related to pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php, u5admin/rename2.php
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2015-1575 warning
- CVE-2015-1576 critical
- CVE-2015-1577 high
- CVE-2015-1578 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!