Description

CMS Made Simple 0.10 Remote File Inclusion (admin/lang.php)

Remediation

Update to CMS Made Simple 0.11 or later.

References

http://www.securityfocus.com/archive/1/409654

http://www.securityfocus.com/bid/14709/info

http://www.cvedetails.com/cve/CVE-2005-2846/

Related Vulnerabilities

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)

WordPress Plugin Sina Extension for Elementor Local File Inclusion (2.2.0)

WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1)

WordPress Plugin WP Easy Stats 'homep' Parameter Remote File Include (1.8)

WordPress Plugin Customer Reviews for WooCommerce Local File Inclusion (5.15.0)

Severity

High

Classification

CVE-2005-2846 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion