TUCoPS :: Web :: CMS / Portals :: tb12904.htm

Several vulnerabilities in CMS Made Simple 1.1.3.1
Several vulnerabilities in CMS Made Simple 1.1.3.1
Several vulnerabilities in CMS Made Simple 1.1.3.1



Hi,
There are several security bugs in CMS Made Simple 1.1.3.1 :
(I am not going to release dangerous and exploitable info here)

1) There is a highly dangerous PHP code execution bug in the script .
2) A registered user can access unauthorized pages . For example he can
upload files to the server, or can make users by posting data to
/admin/adduser.php directly ; Also he can access to admin logs
page (/admin/adminlog.php?page=1) .
3) There are 2 XSS bugs in the script .
4) There are 13 full path disclosure bugs . Direct access to several files
can expose full installation path .

The new version (1.1.4.1) has been released :
http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/ 


- Omid

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH