Vulnerability Details CVE-2005-2846
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forum.cmsmadesimple.org/index.php/topic%2C1549.0.html
- http://marc.info/?l=bugtraq&m=112552342004406&w=2
- http://secunia.com/advisories/16654/
- http://www.securityfocus.com/bid/14709
- http://forum.cmsmadesimple.org/index.php/topic%2C1549.0.html
- http://marc.info/?l=bugtraq&m=112552342004406&w=2
- http://secunia.com/advisories/16654/
- http://www.securityfocus.com/bid/14709
Products affected by CVE-2005-2846
-
cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10