CVE-2007-5444
published 2007-10-14CVE-2007-5444: CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
PriorityP416medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.21%
64.5th percentile
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vvm2-29vq-5h7x: CMS Made Simple (CMSMS) 1
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-3718 [MEDIUM] CWE-200 GHSA-vvm2-29vq-5h7x: CMS Made Simple (CMSMS) 1
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444.
GHSA
GHSA-gx2c-5v6w-v894: CMS Made Simple 1
ghsa_unreviewed·2022-05-01
CVE-2007-5444 [MEDIUM] CWE-200 GHSA-gx2c-5v6w-v894: CMS Made Simple 1
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2007-10-14
Published