PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cms_made_simple | Cmsmadesimple | 0.10 (including) | 0.10 (including) |
References
- http://forum.cmsmadesimple.org/index.php/topic%2C1549.0.html
- http://marc.info/?l=bugtraq\u0026m=112552342004406\u0026w=2
- http://secunia.com/advisories/16654/
- http://www.securityfocus.com/bid/14709
- http://forum.cmsmadesimple.org/index.php/topic%2C1549.0.html
- http://marc.info/?l=bugtraq\u0026m=112552342004406\u0026w=2
- http://secunia.com/advisories/16654/
- http://www.securityfocus.com/bid/14709