CVE-2008-5642
published 2008-12-17CVE-2008-5642: Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a…
PriorityP337medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
8.93%
94.6th percentile
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | <= 1.6.8 | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
| cmsmadesimple | cms_made_simple | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-crf7-38q6-679m: Directory traversal vulnerability in admin/login
ghsa_unreviewed·2022-05-17
CVE-2008-5642 [MEDIUM] CWE-22 GHSA-crf7-38q6-679m: Directory traversal vulnerability in admin/login
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
GHSA
GHSA-qhfr-jgqp-74cp: Directory traversal vulnerability in lib/translation
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2010-2797 [MEDIUM] CWE-22 GHSA-qhfr-jgqp-74cp: Directory traversal vulnerability in lib/translation
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/32924http://securityreason.com/securityalert/4775http://www.securityfocus.com/bid/32535http://www.vupen.com/english/advisories/2008/3306https://exchange.xforce.ibmcloud.com/vulnerabilities/46942https://www.exploit-db.com/exploits/7285http://secunia.com/advisories/32924http://securityreason.com/securityalert/4775http://www.securityfocus.com/bid/32535http://www.vupen.com/english/advisories/2008/3306https://exchange.xforce.ibmcloud.com/vulnerabilities/46942https://www.exploit-db.com/exploits/7285
2008-12-17
Published