LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote malicious users to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lokicms lokicms 0.3.4 |