Detections
Analytics

CMS Made Simple < 1.6.3 Local File Include Vulnerability

medium Nessus Network Monitor Plugin ID 5123

Synopsis

The remote web server is running a PHP application that is affected by an information disclosure vulnerability.

Description

The remote host is running CMS Made Simple, a web-based content manager written in PHP. The installed version of CMS Made Simple is earlier than 1.6.2. Such versions are potentially affected by an information disclosure vulnerability because they fail to properly sanitize user supplied data to the 'url' parameter of the 'modules/Printing/output.php' script.

Solution

Upgrade to CMS Made Simple 1.6.3 or later.

See Also

https://www.ihteam.net/selfexploit/en/show-src.php?id=587

http://blog.cmsmadesimple.org/2009/08/05/announcing-cmsms-163-touho

http://dev.cmsmadesimple.org/bug/view/3798

Plugin Details

Severity: Medium

ID: 5123

Family: CGI

Published: 8/10/2009

Updated: 3/6/2019

Nessus ID: 40551

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cmsmadesimple:cms_made_simple

Patch Publication Date: 8/5/2009

Vulnerability Publication Date: 8/5/2009

Reference Information

BID: 36005