← back
CVE-2008-3509

CVE-2008-3509

EPSS 3.4%
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/6210unverifiedcve_referencewww.exploit-db.com/exploits/6209unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/31389https://exchange.xforce.ibmcloud.com/vulnerabilities/44226https://exchange.xforce.ibmcloud.com/vulnerabilities/44227https://www.exploit-db.com/exploits/6209https://www.exploit-db.com/exploits/6210http://www.securityfocus.com/bid/30562