Detections
Analytics
CMS Made Simple < 1.8.1 Local File Include Vulnerability
medium Nessus Network Monitor Plugin ID 5598
Synopsis
The remote web server is running a PHP application that is affected by a local file include vulnerability.Description
The remote host is running CMS Made Simple, a web-based content-management application written in PHP.Versions of CMS Made Simple earlier than 1.8.1 are potentially affected by a local file include vulnerability because the application fails to properly sanitize user supplied input to the 'default_lang' parameter of the 'translation.functions.php' script. A remote, authenticated attacker, exploiting this flaw could execute arbitrary code subject to the privileges of the user running the affected web server.
Solution
Upgrade to CMS Made Simple 1.8.1 or later.See Also
http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara
http://downloads.securityfocus.com/vulnerabilities/exploits/41565.py
Plugin Details
Severity: Medium
ID: 5598
Family: CGI
Published: 7/14/2010
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 6.2
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:cmsmadesimple:cms_made_simple
Patch Publication Date: 7/13/2010
Vulnerability Publication Date: 7/11/2010
Reference Information
BID: 41565