CVE-2005-2846

CMS Made Simple <0.10 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by groszynskif · htmlwebappsphp

https://www.exploit-db.com/exploits/26217

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=112552342004406&w=2

[Patch, Vendor Advisory] http://secunia.com/advisories/16654/

[Exploit] http://www.securityfocus.com/bid/14709

[Various Sources] http://forum.cmsmadesimple.org/index.php/topic%2C1549.0.html

Scores

EPSS 0.0243

EPSS Percentile 85.2%

Details

Status published

Products (1)

cmsmadesimple/cms_made_simple 0.10

Published Sep 08, 2005

Tracked Since Feb 18, 2026