Vulnerabilities

CVE-2012-6064

by Fred · 03/12/2012

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Date published : 2012-12-03

http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html

http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545

Similar

Tags: Cybersecurity Alert