Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18170
HistoryOct 12, 2007 - 12:00 a.m.

Several vulnerabilities in CMS Made Simple 1.1.3.1

2007-10-1200:00:00
vulners.com
8
JSON

Hi,
There are several security bugs in CMS Made Simple 1.1.3.1 :
(I am not going to release dangerous and exploitable info here)

1) There is a highly dangerous PHP code execution bug in the script .
2) A registered user can access unauthorized pages . For example he can
upload files to the server, or can make users by posting data to
/admin/adduser.php directly ; Also he can access to admin logs
page (/admin/adminlog.php?page=1) .
3) There are 2 XSS bugs in the script .
4) There are 13 full path disclosure bugs . Direct access to several files
can expose full installation path .

The new version (1.1.4.1) has been released :
http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

  • Omid
JSON