Unrated severityNVD Advisory· Published Mar 26, 2010· Updated Apr 29, 2026

CVE-2010-0988

Description

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php.

Affected products

Pulsecms/Pulse CMS10 versions
cpe:2.3:a:pulsecms:pulse_cms:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:pulsecms:pulse_cms:*:*:*:*:*:*:*:*range: <=1.2.2
- cpe:2.3:a:pulsecms:pulse_cms:1.0:-:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:pulsecms:pulse_cms:1.2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/39011nvdVendor Advisory
secunia.com/secunia_research/2010-45/nvdVendor Advisory
secunia.com/secunia_research/2010-51/nvdVendor Advisory
www.osvdb.org/63166nvd
www.osvdb.org/63168nvd
www.securityfocus.com/archive/1/510299/100/0/threadednvd
www.securityfocus.com/archive/1/510300/100/0/threadednvd
www.securityfocus.com/bid/38956nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000