CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCmsimple
APPCmsimple5.4
Powiązane podatności
CMSimple 5.16 — nieautoryzowana edycja pliku log.php przez stronę print
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name ...
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to ...
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify ...
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information...