Published: 10/06/2008 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cmsimple cmsimple 3.1

<pre> # # CMSimple 31 Local File Inclusion / Arbitrary File Upload # download: wwwcmsimpleorg/?Downloads # dork: "Powered by CMSimple" # # author: irk4z@yahoopl # homepage: irk4zwordpresscom # Local File Inclusion : [host]/[path]/indexphp?sl=[file]%00 [host]/[path]/indexphp?sl=///////etc/ ...

CWE-22 http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 http://www.securityfocus.com/bid/29450 http://secunia.com/advisories/30463 http://osvdb.org/45881 https://exchange.xforce.ibmcloud.com/vulnerabilities/42793 https://exchange.xforce.ibmcloud.com/vulnerabilities/42792 https://www.exploit-db.com/exploits/5700 https://nvd.nist.gov https://www.exploit-db.com/exploits/5700/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-2650

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect