KLA10500
Multiple vulnerabilities in u5CMS
Updated: 17/06/2019
Detection date
11/02/2015
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.

Below is a complete list of vulnerabilities:

  1. Open redirect vulnerabilities can be exploited remotely via a specially crafted cookie;
  2. A directory traversal vulnerability can be exploited remotely via a specially crafted file parameter;
  3. Lack of input restrictions can be exploited remotely via vectors related to the pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php.

Affected products

u5CMS versions earlier than 3.9.4

Solution

Update to the latest version!
Get u5CMS

Impact
ACE
OSI
CI
WLF

CVE-IDs
CVE-2015-1575: 4.3 (Warning)
CVE-2015-1576: 7.5 (Critical)
CVE-2015-1577: 6.4 (High)
CVE-2015-1578: 5.8 (High)