ID CVE-2005-2846
Summary PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 03:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14709
bugtraq 20050831 CMS Made Simple <= 0.10 - PHP injection
confirm http://forum.cmsmadesimple.org/index.php/topic,1549.0.html
secunia 16654
Last major update 18-10-2016 - 03:30
Published 08-09-2005 - 10:03
Last modified 18-10-2016 - 03:30
Back to Top