Directory Traversal Vulnerability in CMSimple by CMSimple
CVE-2008-2650

Currently unrated

Key Information:

Vendor

Cmsimple

Status
Cmsimple
Vendor
CVE Published:
10 June 2008

What is CVE-2008-2650?

A directory traversal vulnerability exists in CMSimple 3.1 through the cmsimple/cms.php file when register_globals is enabled. This flaw enables remote attackers to include and execute arbitrary local files using a crafted '..' (dot dot) in the 'sl' parameter via index.php. An attacker may leverage this vulnerability to execute remote files by including 'adm.php' and invoking the upload action. The vendor patched version 3.1 on June 1, 2008, without a version number change, leaving systems potentially exposed if not updated.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/30463
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/45881
vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/42792
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.