N/A

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

N/A

N/A

Pulse CMS 多个PHP代码注入漏洞

Pulse是一个Web应用程序开发框架和门户网站搭建解决方案。 Pulse CMS存在多个PHP代码注入漏洞。(1)由于没有合适的处理脚本includes/login.php的登录错误信息，远程攻击者可以借助与此相关的向量，重写任意文件和执行任意的PHP代码。(2)远程认证用户可以借助与脚本view.php的filename和block参数相关联的向量，重写任意文件和执行任意的PHP代码。

N/A

N/A