Multiple vulnerabilities in u5CMS

Описание

Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.

Below is a complete list of vulnerabilities

1. Open redirect vulnerabilities can be exploited remotely via a specially designed cookie;
2. Directore traversal vulnerability can be exploited remotely via a specially designed file parameter;
3. Lack of input restrictions can be exploited remotely via vrctors related to pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php, u5admin/rename2.php

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• u5CMS

Список CVE

• CVE-2015-1575
  warning
• CVE-2015-1576
  high
• CVE-2015-1577
  high
• CVE-2015-1578
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com