Several vulnerabilities in CMS Made Simple 1.1.3.1

2007.10.14

Credit: Omid (omid hackers ir)

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-5441 | CVE-2007-5442 | CVE-2007-5443 | CVE-2007-5444

CWE: N/A

Hi,
There are several security bugs in CMS Made Simple 1.1.3.1 :
(I am not going to release dangerous and exploitable info here)
1) There is a highly dangerous PHP code execution bug in the script .
2) A registered user can access unauthorized pages . For example he can
upload files to the server, or can make users by posting data to
/admin/adduser.php directly ; Also he can access to admin logs
page (/admin/adminlog.php?page=1) .
3) There are 2 XSS bugs in the script .
4) There are 13 full path disclosure bugs . Direct access to several files
can expose full installation path .
The new version (1.1.4.1) has been released :
http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141
/
- Omid

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Several vulnerabilities in CMS Made Simple 1.1.3.1

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.