icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CMS Made Simple < 1.6.3 Local File Include Vulnerability

Medium

Synopsis

The remote web server is running a PHP application that is affected by an information disclosure vulnerability.

Description

The remote host is running CMS Made Simple, a web-based content manager written in PHP. The installed version of CMS Made Simple is earlier than 1.6.2. Such versions are potentially affected by an information disclosure vulnerability because they fail to properly sanitize user supplied data to the 'url' parameter of the 'modules/Printing/output.php' script.

Solution

Upgrade to CMS Made Simple 1.6.3 or later.