CVE-2008-6643

Lokicms - Access Control

Title source: rule

Description

LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by girex · perlwebappsphp

https://www.exploit-db.com/exploits/6743

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/45866

[Exploit] http://www.securityfocus.com/bid/29448

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42766

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/492877/100/0/threaded

Scores

EPSS 0.0180

EPSS Percentile 82.8%

Details

CWE

CWE-264

Status published

Products (1)

lokicms/lokicms 0.3.4

Published Apr 07, 2009

Tracked Since Feb 18, 2026