Description

CMS Made Simple 0.10 Remote File Inclusion (admin/lang.php)

Remediation

Update to CMS Made Simple 0.11 or later.

References

http://www.securityfocus.com/archive/1/409654

http://www.securityfocus.com/bid/14709/info

http://www.cvedetails.com/cve/CVE-2005-2846/

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6)

WordPress Plugin Booking Calendar Local File Inclusion (7.0)

WordPress Plugin Dropbox Folder Share Local File Inclusion (1.9.7)

SAP B2B/B2C CRM Local File Inclusion

WordPress Plugin Shariff Wrapper Local File Inclusion (4.6.13)

Severity

High

Classification

CVE-2005-2846 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion