CVE-2007-5442

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/3223
http://www.securityfocus.com/archive/1/481984/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-10-14 18:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-5442

Mitre link : CVE-2007-5442

CVE.ORG link : CVE-2007-5442

JSON object : View

Products Affected

cmsmadesimple

cms_made_simple

CWE

CWE-264

Permissions, Privileges, and Access Controls

3.5 /10