|Category:||Web application abuses|
|Title:||CMS Made Simple 188.8.131.52 Multiple Vulnerabilities|
|Summary:||CMS Made Simple is prone to multiple vulnerabilities.|
CMS Made Simple is prone to multiple vulnerabilities:
- The is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a 'php' substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. (CVE-2017-16798)
- In modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. (CVE-2017-16799)
CMS Made Simple version 184.108.40.206.
No solution or patch is available as of 13th November, 2017. Information
regarding this issue will be updated once the solution details are available.
Common Vulnerability Exposure (CVE) ID: CVE-2017-16798
Common Vulnerability Exposure (CVE) ID: CVE-2017-16799
|Copyright||This script is Copyright (C) 2017 Greenbone Networks GmbH|