Description
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307.
Exploits (1)
References (4)
Core 4
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/14672/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41001
Exploit x_refsource_misc
http://packetstormsecurity.org/1008-exploits/freesimplesoftware-rfi.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/67239
Scores
EPSS
0.0206
EPSS Percentile
84.0%
Details
CWE
CWE-94
Status
published
Products (1)
dustincowell/free_simple_cms
1.0
Published
Oct 05, 2010
Tracked Since
Feb 18, 2026