Vulnerabilities > CVE-2022-24609 - Incorrect Authorization vulnerability in Luocms Project Luocms 2.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
luocms-project
CWE-863
critical

Summary

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.

Vulnerable Configurations

Part Description Count
Application
Luocms_Project
1

Common Weakness Enumeration (CWE)