CMS Made Simple 'modules/Printing/output.php' Local File Include Vulnerability

Published: 2010-08-26 13:28:03

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type:
Vendor Patch

Detection Type:
Remote Vulnerability

Impact:
Successful exploitation will allow attacker to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process.

Affected Versions:
CMS Made Simple version 1.6.2

Technical Details:
The flaw is caused by improper validation of user-supplied input via the 'url' parameter to 'modules/Printing/output.php' that allows remote attackers to view files and execute local scripts in the context of the webserver.

Recommendations:
Upgrade CMS Made Simple Version 1.6.3 or later.

Summary:
This host is running CMS Made Simple and is prone to local file inclusion vulnerability.

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/36005

References:

http://www.cmsmadesimple.org/2009/08/05/announcing-cmsms-163-touho/
http://www.cmsmadesimple.org/downloads/

Search
Severity
Medium
CVSS Score
6.8

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.