Description

CMS Made Simple 0.10 Remote File Inclusion (admin/lang.php)

Remediation

Update to CMS Made Simple 0.11 or later.

References

http://www.securityfocus.com/archive/1/409654

http://www.securityfocus.com/bid/14709/info

http://www.cvedetails.com/cve/CVE-2005-2846/

Related Vulnerabilities

WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)

WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)

WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)

WordPress Plugin Gwolle Guestbook Remote File Inclusion (1.5.3)

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

Severity

High

Classification

CVE-2005-2846 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion