CVE-2007-5441
CMS Made Simple 1.1.3.1 - Authenticated Privilege Escalation via Direct Request
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
References (4)
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/481984/100/0/threaded
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/45481
Various Sources (x_refsource_confirm): http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/3223
Scores
EPSS: 0.0038
EPSS Percentile: 59.4%
Details
CWE: CWE-264
Status: published
Products (1): cmsmadesimple/cms_made_simple 1.1.3.1
Published: Oct 14, 2007
Tracked Since: Feb 18, 2026