Description
CMS Made Simple 0.10 Remote File Inclusion (admin/lang.php)
Remediation
Update to CMS Made Simple 0.11 or later.
References
Related Vulnerabilities
Zend Framework local file disclosure via XXE injection
WordPress Plugin myFlash Remote File Include (1.10)
WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)
WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)