CMS Made Simple < 1.8.1 Local File Include Vulnerability

High Nessus Network Monitor Plugin ID 5598


The remote web server is running a PHP application that is affected by a local file include vulnerability.


The remote host is running CMS Made Simple, a web-based content-management application written in PHP.

Versions of CMS Made Simple earlier than 1.8.1 are potentially affected by a local file include vulnerability because the application fails to properly sanitize user supplied input to the 'default_lang' parameter of the 'translation.functions.php' script. A remote, authenticated attacker, exploiting this flaw could execute arbitrary code subject to the privileges of the user running the affected web server.


Upgrade to CMS Made Simple 1.8.1 or later.

See Also

Plugin Details

Severity: High

ID: 5598

Family: CGI

Published: 2010/07/14

Modified: 2016/01/25

Dependencies: 1442

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 6.3

Temporal Score: 6.2


Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:cmsmadesimple:cms_made_simple

Patch Publication Date: 2010/07/13

Vulnerability Publication Date: 2010/07/11

Reference Information

BID: 41565