CVE-2010-3483
Published: 2010-09-22
Priority: P3 (41) · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.34% (81.5th percentile)
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bouzouste | primitive_cms | — | — |
GHSA
GHSA-7j4h-3gjv-68v3: cms_write
ghsa_unreviewed·2022-05-17
CVE-2010-3483 [HIGH] GHSA-7j4h-3gjv-68v3: cms_write
GHSA
GHSA-c999-27cf-hx87: Multiple SQL injection vulnerabilities in cms_write
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-3482 [HIGH] CWE-89 GHSA-c999-27cf-hx87: Multiple SQL injection vulnerabilities in cms_write
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.
http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt
http://secunia.com/advisories/41515
http://www.exploit-db.com/exploits/15064
http://www.vupen.com/english/advisories/2010/2458