Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Local File Inclusion (CMS Made Simple)

Description

CMS Made Simple 2.2.1 Local File Inclusion

Remediation

Update to CMS Made Simple 2.2.2 or later.

References

http://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content

Related Vulnerabilities

WordPress Plugin BackWPup 'wp_export_generate.php' Local and Remote File Include Vulnerabilities (2.1.4)

ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)

WordPress Plugin WP Fastest Cache Local File Inclusion (0.8.5.9)

WordPress Plugin Easy Forms for MailChimp Local File Inclusion (6.0.5.5)

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)

Severity

Medium

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion