Wili-CMS Remote And Local File Inclusion And Authentication Bypass Network Vulnerability

Summary

Wili-CMS is prone to a remote and local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue can allow an attacker to compromise the application and the underlying computer other attacks are also possible. Wili-CMS is also prone to a Authentication Bypass which allows a guest to login as admin.

Solution

Upgrade to a newer version if available at http://wili-cms.sourceforge.net/

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
A Really Simple Chat Multiple SQL Injection Vulnerabilities
Apache Struts ClassLoader Manipulation Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability

Wili-CMS remote and local File Inclusion and Authentication Bypass

Take action and discover your vulnerabilities