Static Code Injection Vulnerability in Simploo CMS 1.7.1 and Earlier

CVE-2011-0635 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.

Learn more about our Cis Benchmark Audit For Server Software.