Back to search
CVE-2008-2650
Published: Jun 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
30463
third-party-advisory
x_refsource_SECUNIA
45881
vdb-entry
x_refsource_OSVDB
cmsimple-index-file-include(42792)
vdb-entry
x_refsource_XF
29450
vdb-entry
x_refsource_BID
5700
exploit
x_refsource_EXPLOIT-DB
cmsimple-index-file-upload(42793)
vdb-entry
x_refsource_XF
http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now