CVE-2010-2797

Description

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.

Software From Fixed in
cmsmadesimple / cms_made_simple - 1.6.8.x
cmsmadesimple / cms_made_simple 1.0 1.0.x
cmsmadesimple / cms_made_simple 1.0-beta1 1.0-beta1.x
cmsmadesimple / cms_made_simple 1.0-beta2 1.0-beta2.x
cmsmadesimple / cms_made_simple 1.0-beta3 1.0-beta3.x
cmsmadesimple / cms_made_simple 1.0-beta4 1.0-beta4.x
cmsmadesimple / cms_made_simple 1.0-beta5 1.0-beta5.x
cmsmadesimple / cms_made_simple 1.0-beta6 1.0-beta6.x
cmsmadesimple / cms_made_simple 1.0.1 1.0.1.x
cmsmadesimple / cms_made_simple 1.0.2 1.0.2.x
cmsmadesimple / cms_made_simple 1.0.3 1.0.3.x
cmsmadesimple / cms_made_simple 1.0.4 1.0.4.x
cmsmadesimple / cms_made_simple 1.0.5 1.0.5.x
cmsmadesimple / cms_made_simple 1.0.6 1.0.6.x
cmsmadesimple / cms_made_simple 1.0.7 1.0.7.x
cmsmadesimple / cms_made_simple 1.0.8 1.0.8.x
cmsmadesimple / cms_made_simple 1.1 1.1.x
cmsmadesimple / cms_made_simple 1.1-rc1 1.1-rc1.x
cmsmadesimple / cms_made_simple 1.1-rc2 1.1-rc2.x
cmsmadesimple / cms_made_simple 1.1-rc3 1.1-rc3.x
cmsmadesimple / cms_made_simple 1.1.1 1.1.1.x
cmsmadesimple / cms_made_simple 1.1.2 1.1.2.x
cmsmadesimple / cms_made_simple 1.1.3.1 1.1.3.1.x
cmsmadesimple / cms_made_simple 1.1.4.1 1.1.4.1.x
cmsmadesimple / cms_made_simple 1.2 1.2.x
cmsmadesimple / cms_made_simple 1.2-beta1 1.2-beta1.x
cmsmadesimple / cms_made_simple 1.2-beta2 1.2-beta2.x
cmsmadesimple / cms_made_simple 1.2-beta3 1.2-beta3.x
cmsmadesimple / cms_made_simple 1.2-rc1 1.2-rc1.x
cmsmadesimple / cms_made_simple 1.2.1 1.2.1.x
cmsmadesimple / cms_made_simple 1.2.2 1.2.2.x
cmsmadesimple / cms_made_simple 1.2.3 1.2.3.x
cmsmadesimple / cms_made_simple 1.2.4 1.2.4.x
cmsmadesimple / cms_made_simple 1.2.5 1.2.5.x
cmsmadesimple / cms_made_simple 1.3 1.3.x
cmsmadesimple / cms_made_simple 1.3-beta1 1.3-beta1.x
cmsmadesimple / cms_made_simple 1.3-beta2 1.3-beta2.x
cmsmadesimple / cms_made_simple 1.3.1 1.3.1.x
cmsmadesimple / cms_made_simple 1.4 1.4.x
cmsmadesimple / cms_made_simple 1.4-beta1 1.4-beta1.x
cmsmadesimple / cms_made_simple 1.4-beta2 1.4-beta2.x
cmsmadesimple / cms_made_simple 1.4.1 1.4.1.x
cmsmadesimple / cms_made_simple 1.5 1.5.x
cmsmadesimple / cms_made_simple 1.5-beta1 1.5-beta1.x
cmsmadesimple / cms_made_simple 1.5.1 1.5.1.x
cmsmadesimple / cms_made_simple 1.5.2 1.5.2.x
cmsmadesimple / cms_made_simple 1.5.3 1.5.3.x
cmsmadesimple / cms_made_simple 1.5.4 1.5.4.x
cmsmadesimple / cms_made_simple 1.6 1.6.x
cmsmadesimple / cms_made_simple 1.6.1 1.6.1.x
cmsmadesimple / cms_made_simple 1.6.2 1.6.2.x
cmsmadesimple / cms_made_simple 1.6.3 1.6.3.x
cmsmadesimple / cms_made_simple 1.6.4 1.6.4.x
cmsmadesimple / cms_made_simple 1.6.5 1.6.5.x
cmsmadesimple / cms_made_simple 1.6.6 1.6.6.x
cmsmadesimple / cms_made_simple 1.6.7 1.6.7.x
cmsmadesimple / cms_made_simple 1.7 1.7.x