CVE-2010-2797

2010-10-08T21:00:00
ID CVE-2010-2797
Type cve
Reporter cve@mitre.org
Modified 2010-10-11T17:14:00

Description

Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642.