Summary
Wili-CMS is prone to a remote and local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue can allow an attacker to compromise the application and the underlying computer
other attacks are also
possible.
Wili-CMS is also prone to a Authentication Bypass which allows a guest to login as admin.
Solution
Upgrade to a newer version if available at http://wili-cms.sourceforge.net/
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- Apache Struts ClassLoader Manipulation Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability