cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote malicious users to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bouzouste primitive cms 1.0.9 |