CMS Made Simple 'modules/Printing/output.php' Local File Include Vulnerability

Published: 2010-08-26 13:28:03

CVSS Base Vector:

Solution Type:
Vendor Patch

Detection Type:
Remote Vulnerability

Successful exploitation will allow attacker to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process.

Affected Versions:
CMS Made Simple version 1.6.2

Technical Details:
The flaw is caused by improper validation of user-supplied input via the 'url' parameter to 'modules/Printing/output.php' that allows remote attackers to view files and execute local scripts in the context of the webserver.

Upgrade CMS Made Simple Version 1.6.3 or later.

This host is running CMS Made Simple and is prone to local file inclusion vulnerability.

SecurityFocus Bugtraq ID:


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.