Summary
CMS Lokomedia is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Archiva Multiple Vulnerabilities
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities