Published: 22/01/2011 Updated: 09/10/2018

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 605

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Static code injection vulnerability in Simploo CMS 1.7.1 and previous versions allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simploo simploo cms
simploo simploo cms 1.5.0
simploo simploo cms 1.3.0
simploo simploo cms 1.2.0
simploo simploo cms 1.7.0
simploo simploo cms 1.5.2

Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: wwwsimploode/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CM ...

CWE-94 http://osvdb.org/70487 http://secunia.com/advisories/42953 http://www.securityfocus.com/bid/45906 http://www.exploit-db.com/exploits/16016 https://exchange.xforce.ibmcloud.com/vulnerabilities/64826 http://www.securityfocus.com/archive/1/515809/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16016/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-0635

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect