Detections
Analytics

CMS Made Simple < 1.8.1 Local File Include Vulnerability

medium Nessus Network Monitor Plugin ID 5598

Synopsis

The remote web server is running a PHP application that is affected by a local file include vulnerability.

Description

The remote host is running CMS Made Simple, a web-based content-management application written in PHP.

Versions of CMS Made Simple earlier than 1.8.1 are potentially affected by a local file include vulnerability because the application fails to properly sanitize user supplied input to the 'default_lang' parameter of the 'translation.functions.php' script. A remote, authenticated attacker, exploiting this flaw could execute arbitrary code subject to the privileges of the user running the affected web server.

Solution

Upgrade to CMS Made Simple 1.8.1 or later.

See Also

http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara

http://downloads.securityfocus.com/vulnerabilities/exploits/41565.py

Plugin Details

Severity: Medium

ID: 5598

Family: CGI

Published: 7/14/2010

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:cmsmadesimple:cms_made_simple

Patch Publication Date: 7/13/2010

Vulnerability Publication Date: 7/11/2010

Reference Information

BID: 41565