Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by people to compromise a vulnerable system. An error within includes/login.php in the handling of failed login attempts can be exploited to store content in an arbitrary file within the web root. This e.g. allows executing arbitrary PHP code via a specially crafted request. Successful exploitation requires that “register_globals” is enabled.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87597/secunia-pulselogin.txt
Source: https://packetstormsecurity.com/files/87597/Pulse-CMS-login.php-Arbitrary-File-Writing.html