CVE-2010-0989

Pulse CMS < 1.2.3 - Authenticated Path Traversal via Delete.php f Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/63167
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510307/100/0/threaded
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-48/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38947
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39011

Scores

EPSS 0.0127
EPSS Percentile 66.2%

Details

CWE
CWE-22
Status published
Products (10)
pulsecms/pulse_cms 1.0
pulsecms/pulse_cms 1.1
pulsecms/pulse_cms 1.01
pulsecms/pulse_cms 1.2
pulsecms/pulse_cms 1.2.1
pulsecms/pulse_cms 1.15
pulsecms/pulse_cms 1.16
pulsecms/pulse_cms 1.17
pulsecms/pulse_cms 1.18
pulsecms/pulse_cms < 1.2.2
Published Mar 26, 2010
Tracked Since Feb 18, 2026