Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6643


Vulnerability Score 5.0 5.0
CVE Id CVE-2008-6643
Last Modified 19 Aug 2009 01:24:12
Published 07 Apr 2009 10:17:17
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

Vulnerable Systems


  • Lokicms 0.3.4


XF - lokicms-admin-security-bypass(42766)

BID - 29448

BUGTRAQ - 20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness

OSVDB - 45866

Last Updated: 27 May 2016 10:49:16