CMS Made Simple 'modules/Printing/output.php' Local File Include Vulnerability Network Vulnerability

Summary

This host is running CMS Made Simple and is prone to local file inclusion vulnerability.

Impact

Successful exploitation will allow attacker to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. Impact Level: Application/System

Solution

Upgrade CMS Made Simple Version 1.6.3 or later, For updates refer to http://www.cmsmadesimple.org/downloads/

Insight

The flaw is caused by improper validation of user-supplied input via the 'url' parameter to 'modules/Printing/output.php' that allows remote attackers to view files and execute local scripts in the context of the webserver.

Affected

CMS Made Simple version 1.6.2

References

http://www.cmsmadesimple.org/2009/08/05/announcing-cmsms-163-touho/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
aeNovo Database Content Disclosure Vulnerability
Apache Subversion Module Metadata Accessible
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities