Description

CMS Made Simple 2.2.1 Local File Inclusion

Remediation

Update to CMS Made Simple 2.2.2 or later.

References

http://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content

Related Vulnerabilities

ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

vBulletin Pre-Auth RCE Vulnerability

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

WordPress Plugin WP ALL Export Pro Multiple Vulnerabilities (1.7.8)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686)

Severity

Medium

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion