Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5 (CVSS v2 base; vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE Id CVE-2012-6064
Last Modified 04 Dec 2012 03:02:06
Published 03 Dec 2012 04:55:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-6064

Summary

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.
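The pattern the summary describes, as an added illustration in PHP that is not CMS Made Simple's code and not the patched ImageManager code referenced on this page: a delete handler that joins the deld value onto the image directory and removes the result, beside a hardened resolver and the CSRF token check that closes the chained vector. The directory layout, the function names and the sample files are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);
// Added example, not CMS Made Simple code. Directory names, function names
// and the sample files below are assumptions constructed for this demo.

// Vulnerable pattern: the request value is joined onto the base directory and
// handed to unlink() as-is, so deld=../config.php escapes the image directory.
function vulnerable_target(string $imageDir, string $deld): string
{
    return $imageDir . '/' . $deld;       // no canonicalisation, no containment check
}

// Hardened pattern: returns the canonical file to delete, or null to refuse.
function safe_target(string $imageDir, string $deld): ?string
{
    // 1. Accept only a bare file name; "..", "." and anything with a separator fail.
    if ($deld === '' || $deld === '.' || $deld === '..' || $deld !== basename($deld)) {
        return null;
    }
    // 2. Canonicalise both sides so symlinks, "." and ".." are resolved.
    $base = realpath($imageDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $deld);
    if ($candidate === false) {
        return null;                      // nothing there to delete
    }
    // 3. Containment: the result must start with "<base>/". The trailing
    //    separator stops "/srv/images-old" from passing for base "/srv/images".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// CSRF guard for the delete action: the request must carry the per-session
// token, compared in constant time. This is what the chained vector lacks.
function csrf_valid(?string $sessionToken, ?string $requestToken): bool
{
    return is_string($sessionToken) && $sessionToken !== ''
        && is_string($requestToken) && hash_equals($sessionToken, $requestToken);
}

// ---- Demo on a throw-away tree: <root>/images/logo.png and <root>/config.php ----
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir("$root/images", 0700, true);
$root = realpath($root);                  // canonical form so the substr() below lines up
file_put_contents("$root/images/logo.png", 'png');
file_put_contents("$root/config.php", '<?php // database credentials live here');

foreach (['logo.png', '../config.php', '..', 'sub/x.png'] as $deld) {
    $raw      = vulnerable_target("$root/images", $deld);
    $resolved = realpath($raw);           // where unlink() would actually land
    $safe     = safe_target("$root/images", $deld);
    printf("deld=%-14s unchecked -> %-22s hardened -> %s\n",
        $deld,
        $resolved === false ? '(no such file)' : (substr($resolved, strlen($root)) ?: '/ (demo root)'),
        $safe === null ? 'REFUSED' : substr($safe, strlen($root)));
}

$token = bin2hex(random_bytes(16));
var_dump(csrf_valid($token, $token));   // genuine form post from the admin session
var_dump(csrf_valid($token, null));     // cross-site forged request carries no token

unlink("$root/images/logo.png");
unlink("$root/config.php");
rmdir("$root/images");
rmdir($root);
```

Run it with `php traversal_demo.php`; the unchecked column shows `../config.php` resolving to a file outside the image directory while the hardened column refuses it. Two points worth checking in any fix: deleting the literal string `..` from the input is not enough on its own (the check must canonicalise the path and then test containment), and the containment test needs the trailing separator, otherwise a sibling directory whose name shares the prefix passes. Because the traversal itself needs only an authenticated administrator session, the per-request token check is what stops the CSRF weakness (CVE-2012-5450) from turning it into file deletion triggered by a remote attacker.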

Vulnerable Systems

Application

  • Cmsmadesimple Cms Made Simple 0.1
  • Cmsmadesimple Cms Made Simple 0.2
  • Cmsmadesimple Cms Made Simple 0.2.1
  • Cmsmadesimple Cms Made Simple 0.3
  • Cmsmadesimple Cms Made Simple 0.3.1
  • Cmsmadesimple Cms Made Simple 0.3.2
  • Cmsmadesimple Cms Made Simple 0.4
  • Cmsmadesimple Cms Made Simple 0.4.1
  • Cmsmadesimple Cms Made Simple 0.5
  • Cmsmadesimple Cms Made Simple 0.5.1
  • Cmsmadesimple Cms Made Simple 0.6
  • Cmsmadesimple Cms Made Simple 0.6.1
  • Cmsmadesimple Cms Made Simple 0.6.2
  • Cmsmadesimple Cms Made Simple 0.6.3
  • Cmsmadesimple Cms Made Simple 0.7
  • Cmsmadesimple Cms Made Simple 0.7.1
  • Cmsmadesimple Cms Made Simple 0.7.2
  • Cmsmadesimple Cms Made Simple 0.7.3
  • Cmsmadesimple Cms Made Simple 0.8
  • Cmsmadesimple Cms Made Simple 0.8.1
  • Cmsmadesimple Cms Made Simple 0.8.2
  • Cmsmadesimple Cms Made Simple 0.9
  • Cmsmadesimple Cms Made Simple 0.9.1
  • Cmsmadesimple Cms Made Simple 0.9.2
  • Cmsmadesimple Cms Made Simple 0.10
  • Cmsmadesimple Cms Made Simple 0.10.1
  • Cmsmadesimple Cms Made Simple 0.10.2
  • Cmsmadesimple Cms Made Simple 0.10.3
  • Cmsmadesimple Cms Made Simple 0.10.4
  • Cmsmadesimple Cms Made Simple 0.11
  • Cmsmadesimple Cms Made Simple 0.11.1
  • Cmsmadesimple Cms Made Simple 0.11.2
  • Cmsmadesimple Cms Made Simple 0.12
  • Cmsmadesimple Cms Made Simple 0.12.1
  • Cmsmadesimple Cms Made Simple 0.12.2
  • Cmsmadesimple Cms Made Simple 0.13
  • Cmsmadesimple Cms Made Simple 1.0
  • Cmsmadesimple Cms Made Simple 1.0.1
  • Cmsmadesimple Cms Made Simple 1.0.2
  • Cmsmadesimple Cms Made Simple 1.0.3
  • Cmsmadesimple Cms Made Simple 1.0.4
  • Cmsmadesimple Cms Made Simple 1.0.5
  • Cmsmadesimple Cms Made Simple 1.0.6
  • Cmsmadesimple Cms Made Simple 1.1
  • Cmsmadesimple Cms Made Simple 1.1.1
  • Cmsmadesimple Cms Made Simple 1.1.2
  • Cmsmadesimple Cms Made Simple 1.1.3
  • Cmsmadesimple Cms Made Simple 1.1.3.1
  • Cmsmadesimple Cms Made Simple 1.1.4
  • Cmsmadesimple Cms Made Simple 1.2
  • Cmsmadesimple Cms Made Simple 1.2.1
  • Cmsmadesimple Cms Made Simple 1.2.2
  • Cmsmadesimple Cms Made Simple 1.2.3
  • Cmsmadesimple Cms Made Simple 1.2.4
  • Cmsmadesimple Cms Made Simple 1.2.5
  • Cmsmadesimple Cms Made Simple 1.3
  • Cmsmadesimple Cms Made Simple 1.4
  • Cmsmadesimple Cms Made Simple 1.4.1
  • Cmsmadesimple Cms Made Simple 1.5
  • Cmsmadesimple Cms Made Simple 1.5.1
  • Cmsmadesimple Cms Made Simple 1.5.2
  • Cmsmadesimple Cms Made Simple 1.5.3
  • Cmsmadesimple Cms Made Simple 1.5.4
  • Cmsmadesimple Cms Made Simple 1.6
  • Cmsmadesimple Cms Made Simple 1.6.1
  • Cmsmadesimple Cms Made Simple 1.6.2
  • Cmsmadesimple Cms Made Simple 1.6.3
  • Cmsmadesimple Cms Made Simple 1.6.4
  • Cmsmadesimple Cms Made Simple 1.6.5
  • Cmsmadesimple Cms Made Simple 1.6.6
  • Cmsmadesimple Cms Made Simple 1.6.7
  • Cmsmadesimple Cms Made Simple 1.7
  • Cmsmadesimple Cms Made Simple 1.7.1
  • Cmsmadesimple Cms Made Simple 1.8
  • Cmsmadesimple Cms Made Simple 1.8.1
  • Cmsmadesimple Cms Made Simple 1.8.2
  • Cmsmadesimple Cms Made Simple 1.9
  • Cmsmadesimple Cms Made Simple 1.9.1
  • Cmsmadesimple Cms Made Simple 1.9.2
  • Cmsmadesimple Cms Made Simple 1.9.3
  • Cmsmadesimple Cms Made Simple 1.9.4
  • Cmsmadesimple Cms Made Simple 1.9.4.1
  • Cmsmadesimple Cms Made Simple 1.9.4.2
  • Cmsmadesimple Cms Made Simple 1.11.2

The summary's affected range, every release before 1.11.2.1, is wider than the versions enumerated above (releases between 1.9.4.2 and 1.11.2 are not listed); treat any installation below 1.11.2.1 as affected and upgrade to 1.11.2.1 or later.


References

MISC - https://www.htbridge.com/advisory/HTB23121

XF - cmsmadesimple-images-csrf(79881)

CONFIRM - http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498

SECUNIA - 51185

MISC - http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html

CONFIRM - http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

BUGTRAQ - 20121107 Cross-Site Request Forgery (CSRF) in CMS Made Simple


Last Updated: 27 May 2016 11:01:26