Описание
Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.
Below is a complete list of vulnerabilities
- Open redirect vulnerabilities can be exploited remotely via a specially designed cookie;
- Directore traversal vulnerability can be exploited remotely via a specially designed file parameter;
- Lack of input restrictions can be exploited remotely via vrctors related to pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php, u5admin/rename2.php
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
Список CVE
- CVE-2015-1575 warning
- CVE-2015-1576 critical
- CVE-2015-1577 high
- CVE-2015-1578 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!