Summary
This host is running CMS Made Simple and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation allows an attacker to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process.
Impact Level: Application/System
Solution
Upgrade to CMS Made Simple version 1.6.3 or later.
For updates, refer to http://www.cmsmadesimple.org/downloads/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'url' parameter to 'modules/Printing/output.php', which allows remote attackers to view files and execute local scripts in the context of the webserver.
Affected
CMS Made Simple version 1.6.2
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Tomcat Directory Listing and File disclosure