Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2007-5441
Last Modified: 15 Nov 2008 02:00:59
Published: 14 Oct 2007 02:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2007-5441

Summary

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.

Vulnerable Systems

Application

  • Cmsmadesimple Cms Made Simple 1.1.3.1


References

BUGTRAQ - 20071010 Several vulnerabilities in CMS Made Simple 1.1.3.1

OSVDB - 45481

CONFIRM - http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

SREASON - 3223


Last Updated: 27 May 2016 10:46:10