CVE-2010-0988

high

Description

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

References

http://www.securityfocus.com/bid/38956

http://www.securityfocus.com/archive/1/510300/100/0/threaded

http://www.securityfocus.com/archive/1/510299/100/0/threaded

http://www.osvdb.org/63168

http://www.osvdb.org/63166

http://secunia.com/secunia_research/2010-51/

http://secunia.com/secunia_research/2010-45/

http://secunia.com/advisories/39011

Details

Source: Mitre, NVD

Published: 2010-03-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00927