Directory Traversal Vulnerability in CMS Made Simple (CMSMS) Allows Arbitrary File Deletion

Directory Traversal Vulnerability in CMS Made Simple (CMSMS) Allows Arbitrary File Deletion

CVE-2012-6064 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be leveraged using CSRF (CVE-2012-5450) to allow remote attackers to delete arbitrary files.

Learn more about our Cms Pen Testing.