Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-6643
Last Modified 19 Aug 2009 01:24:12
Published 07 Apr 2009 10:17:17
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6643

Summary

LokiCMS 0.3.4 and possibly earlier versions do not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

Vulnerable Systems

Application

  • Lokicms 0.3.4


References

XF - lokicms-admin-security-bypass(42766)

BID - 29448

BUGTRAQ - 20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness

OSVDB - 45866


Last Updated: 27 May 2016 10:49:16