KLA10500
Multiple vulnerabilities in u5CMS

Updated: 18/06/2020
Detection date
11/02/2015
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files.

Below is a complete list of vulnerabilities:

  1. Open redirect vulnerabilities can be exploited remotely via a specially crafted cookie;
  2. A directory traversal vulnerability can be exploited remotely via a specially crafted file parameter;
  3. Lack of input restrictions can be exploited remotely via vectors related to the pages copy2.php, localize.php, metai.php, nc.php, new2.php, u5admin/rename2.php, u5admin/editor.php, u5admin/meta2.php.
Affected products

u5CMS versions earlier than 3.9.4

Solution

Update to the latest version!
Get u5CMS

Impact
ACE
OSI
CI
WLF
Related products
u5CMS
CVE-IDS
CVE-2015-1575: 4.3 (Warning)
CVE-2015-1576: 7.5 (Critical)
CVE-2015-1577: 6.4 (High)
CVE-2015-1578: 5.8 (High)
Exploitation

The following public exploits exist for this vulnerability:

https://www.exploit-db.com/exploits/36029

https://www.exploit-db.com/exploits/36026
