Description

CMS Made Simple 2.2.1 Local File Inclusion

Remediation

Update to CMS Made Simple 2.2.2 or later.

References

http://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content

Related Vulnerabilities

WordPress Plugin Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6)

WordPress Plugin WordPress Popular Posts Multiple Vulnerabilities (5.3.2)

WordPress plugin Slider Revolution arbitrary file disclosure

WordPress Plugin Subscribe Form Remote Command Execution (1.1)

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

Severity

Medium

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

File Inclusion