KLA10500
Multiple vulnerabilities in u5CMS
Updated: 06/01/2019
Detect date: 02/11/2015
Severity: Critical
Description

Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.

Below is a complete list of vulnerabilities:

  1. Open redirect vulnerabilities can be exploited remotely via a specially designed cookie;
  2. Directory traversal vulnerability can be exploited remotely via a specially designed file parameter;
  3. Lack of input restrictions can be exploited remotely via vectors related to pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php, u5admin/rename2.php.

Affected products

u5CMS versions earlier than 3.9.4

Solution

Update to the latest version!
Get u5CMS

Impacts

ACE
OSI
CI
WLF

CVE-IDS

CVE-2015-1575  4.3  Warning
CVE-2015-1576  7.5  Critical
CVE-2015-1577  6.4  High
CVE-2015-1578  5.8  High