CVE-2007-5441
N/A
N/A
Summary
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/481984/100/0/threaded
- http://osvdb.org/45481
- http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/
- http://securityreason.com/securityalert/3223
References
- http://www.securityfocus.com/archive/1/481984/100/0/threaded
- http://osvdb.org/45481
- http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/
- http://securityreason.com/securityalert/3223
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.