Description CMS Made Simple 0.10 Remote File Inclusion (admin/lang.php) Remediation Update to CMS Made Simple 0.11 or later. References http://www.securityfocus.com/archive/1/409654 http://www.securityfocus.com/bid/14709/info http://www.cvedetails.com/cve/CVE-2005-2846/ Related Vulnerabilities WordPress Plugin Disclosure Policy 'abspath' Parameter Remote File Include (1.0) WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1) WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) Umbraco CMS local file inclusion WordPress Plugin PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0) Severity High Classification CVE-2005-2846 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N Tags File Inclusion