2010-10-08 23:00:01 2010-10-11 19:14:05

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Cisco IOS 12.2 (17d)SXB8
Cisco IOS 12.2 (17d)SXB7
Cmsmadesimple Cms made simple 1.6.8 (not an official CPE)
Cisco IOS 12.2 (17f)
Cisco IOS 12.2 (15)ZJ3
Cisco IOS 12.2(15)T9
Cmsmadesimple Cms made simple 1.1 Rc2 (not an official CPE)
Cisco IOS 12.2 (15)XR
Cisco IOS 12.2(15)T7
Cmsmadesimple Cms made simple 1.2 Rc1 (not an official CPE)
Cisco IOS 12.2(15)T8
Cmsmadesimple Cms made simple 1.1 Rc1 (not an official CPE)
Cisco IOS 12.2 (15)ZN
Cisco IOS 12.2 (15)ZL1
Cisco IOS 12.2(15)ZJ
Cisco IOS 12.2 (15)ZJ1
Cmsmadesimple Cms made simple 1.1 Rc3 (not an official CPE)
Cisco IOS 12.2 (17b)SXA
Cisco IOS 12.2 (17)
Cisco IOS 12.2 (16.5)S
Cisco IOS 12.2 (16)B1
Cisco IOS 12.2 (15)ZL
Cmsmadesimple Cms made simple 1.0.7 (not an official CPE)
Cisco IOS 12.2 (15)YS_1.2(1)
Cmsmadesimple Cms made simple 1.0.8 (not an official CPE)
Cisco IOS 12.2 (15)T5
Cisco IOS 12.2 (15)XR2
Cisco IOS 12.2 (15)YS
Cisco IOS 12.2 (17d)
Cisco IOS 12.2(17d)SX
Cisco IOS 12.2 (17d)SXB
Cisco IOS 12.2 (17d)SXB10
Cisco IOS 12.2 (16f)
Cisco IOS 12.2 (17a)SXA
Cisco IOS 12.2 (17)a
Cisco IOS 12.2 (16)B
Cisco IOS 12.2 (15.1)S
Cisco IOS 12.2(17a)
Cisco IOS 12.2 (15)ZO
Cisco IOS 12.2 (17)ZD3
Cisco IOS 12.2 (18)EW
Cmsmadesimple Cms made simple 1.0 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 1.2 Beta3 (not an official CPE)
Cmsmadesimple Cms made simple 1.2 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta3 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 1.3.1 (not an official CPE)
Cmsmadesimple Cms made simple 1.1.4.1 (not an official CPE)
Cmsmadesimple Cms made simple 1.5 Beta1 (not an official CPE)
Cisco IOS 12.2 (16)BX
Cmsmadesimple Cms made simple 1.0 Beta4 (not an official CPE)
Cmsmadesimple Cms made simple 1.4 Beta1 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta5 (not an official CPE)
Cmsmadesimple Cms made simple 1.4 Beta2 (not an official CPE)
Cmsmadesimple Cms made simple 1.0 Beta6 (not an official CPE)
Cisco IOS 12.2 (16.1)B
Cmsmadesimple Cms made simple 1.2 Beta1 (not an official CPE)