Lucene search

FlexeraCVE-2010-0989

HistoryMar 26, 2010 - 6:30 p.m.

CVE-2010-0989

2010-03-2618:30:00

CWE-22

flexera

web.nvd.nist.gov

cve-2010-0989

directory traversal

pulse cms

security vulnerability

delete.php

remote authentication

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.0%

JSON

Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.

Affected configurations

Nvd

Node

pulsecmspulse_cmsRange≤1.2.2

pulsecmspulse_cmsMatch1.0-

pulsecmspulse_cmsMatch1.1

pulsecmspulse_cmsMatch1.01

pulsecmspulse_cmsMatch1.2

pulsecmspulse_cmsMatch1.2.1

pulsecmspulse_cmsMatch1.15

pulsecmspulse_cmsMatch1.16

pulsecmspulse_cmsMatch1.17

pulsecmspulse_cmsMatch1.18

VendorProductVersionCPE
pulsecmspulse_cms*cpe:2.3:a:pulsecms:pulse_cms:*:*:*:*:*:*:*:*
pulsecmspulse_cms1.0cpe:2.3:a:pulsecms:pulse_cms:1.0:-:*:*:*:*:*:*
pulsecmspulse_cms1.1cpe:2.3:a:pulsecms:pulse_cms:1.1:*:*:*:*:*:*:*
pulsecmspulse_cms1.01cpe:2.3:a:pulsecms:pulse_cms:1.01:*:*:*:*:*:*:*
pulsecmspulse_cms1.2cpe:2.3:a:pulsecms:pulse_cms:1.2:*:*:*:*:*:*:*
pulsecmspulse_cms1.2.1cpe:2.3:a:pulsecms:pulse_cms:1.2.1:*:*:*:*:*:*:*
pulsecmspulse_cms1.15cpe:2.3:a:pulsecms:pulse_cms:1.15:*:*:*:*:*:*:*
pulsecmspulse_cms1.16cpe:2.3:a:pulsecms:pulse_cms:1.16:*:*:*:*:*:*:*
pulsecmspulse_cms1.17cpe:2.3:a:pulsecms:pulse_cms:1.17:*:*:*:*:*:*:*
pulsecmspulse_cms1.18cpe:2.3:a:pulsecms:pulse_cms:1.18:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pulsecms	pulse_cms	*	cpe:2.3:a:pulsecms:pulse_cms::::::::
pulsecms	pulse_cms	1.0	cpe:2.3:a:pulsecms:pulse_cms:1.0:-::::::
pulsecms	pulse_cms	1.1	cpe:2.3:a:pulsecms:pulse_cms:1.1:::::::*
pulsecms	pulse_cms	1.01	cpe:2.3:a:pulsecms:pulse_cms:1.01:::::::*
pulsecms	pulse_cms	1.2	cpe:2.3:a:pulsecms:pulse_cms:1.2:::::::*
pulsecms	pulse_cms	1.2.1	cpe:2.3:a:pulsecms:pulse_cms:1.2.1:::::::*
pulsecms	pulse_cms	1.15	cpe:2.3:a:pulsecms:pulse_cms:1.15:::::::*
pulsecms	pulse_cms	1.16	cpe:2.3:a:pulsecms:pulse_cms:1.16:::::::*
pulsecms	pulse_cms	1.17	cpe:2.3:a:pulsecms:pulse_cms:1.17:::::::*
pulsecms	pulse_cms	1.18	cpe:2.3:a:pulsecms:pulse_cms:1.18:::::::*

References

secunia.com/advisories/39011

secunia.com/secunia_research/2010-48/

www.osvdb.org/63167

www.securityfocus.com/archive/1/510307/100/0/threaded

www.securityfocus.com/bid/38947

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

60.0%

JSON

Related for CVE-2010-0989