cve | Mitre | CVE-2007-5441
History: Oct 14, 2007 - 6:17 p.m.

CVE-2007-5441

2007-10-14 18:17:00
CWE-264
mitre
web.nvd.nist.gov
cms made simple
security vulnerability
remote authenticated users
admin actions

CVSS2: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score: 6.3
Confidence: Low

EPSS: 0.003
Percentile: 69.0%

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an “admin/adminlog.php?page=1” request.

Affected configurations

Nvd
Node: cmsmadesimple cms_made_simple, Match 1.1.3.1

Vendor | Product | Version | CPE
cmsmadesimple | cms_made_simple | 1.1.3.1 | cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*
