2012-12-03 22:55:03 2017-08-29 03:32:54

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

CMS Made Simple versions: 1.9.4.1, 1.1.3, 1.1.2, 0.11.1, 0.8.1, 0.6.3, 1.9.1, 0.6.2, 1.5.4, 0.2, 1.7.1, 1.5.3, 0.8.2, 0.3, 1.5.2, 1.11.2, 0.4.1, 0.11, 0.6.1, 0.12, 1.1.1, 0.1, 0.4, 0.5, 0.8, 0.9, 0.6, 0.7, 1.3 Beta 2, 1.3 Beta 1, 0.13, 1.9.4, 1.9.3, 1.9.2, 0.10.4, 0.12.2, 0.10.3, 0.12.1, 1.0.6, 1.2.4, 1.0.5, 1.4.1, 1.2.3, 1.2.2, 1.0.4, 1.0.3, 1.2.1, 0.10.2, 0.7.2, 1.6.4, 1.8.2, 0.10.1, 0.7.1, 1.8.1, 1.6.3, 0.9.2, 1.1, 1.6.2, 0.9.1, 0.7.3, 1.2, 1.2.5, 1.6.1, 0.3.2, 0.3.1, 0.5.1, 1.0.2, 1.0.1, 1.9, 1.0, 1.3, 1.4, 1.1.3.1, 1.7, 1.8, 1.5, 1.6, 1.1.4, 0.10, 1.5.1, 0.11.2, 0.2.1, 1.6.5, 1.9.4.2, 1.6.6, 1.6.7