CMS Made Simple < 1.6.3 Local File Include Vulnerability

Medium Nessus Network Monitor Plugin ID 5123


The remote web server is running a PHP application that is affected by an information disclosure vulnerability.


The remote host is running CMS Made Simple, a web-based content manager written in PHP. The installed version of CMS Made Simple is earlier than 1.6.2. Such versions are potentially affected by an information disclosure vulnerability because they fail to properly sanitize user supplied data to the 'url' parameter of the 'modules/Printing/output.php' script.


Upgrade to CMS Made Simple 1.6.3 or later.

See Also

Plugin Details

Severity: Medium

ID: 5123

File Name: 5123.prm

Family: CGI

Published: 2009/08/10

Modified: 2015/10/30

Dependencies: 1442

Nessus ID: 40551

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 4.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cmsmadesimple:cms_made_simple

Patch Publication Date: 2009/08/05

Vulnerability Publication Date: 2009/08/05

Reference Information

BID: 36005