Vulnerability Description
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cmsmadesimple | Cms Made Simple | 1.1.3.1 |
Related Weaknesses (CWE)
References
- http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/
- http://osvdb.org/45481
- http://securityreason.com/securityalert/3223
- http://www.securityfocus.com/archive/1/481984/100/0/threaded
- http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/
- http://osvdb.org/45481
- http://securityreason.com/securityalert/3223
- http://www.securityfocus.com/archive/1/481984/100/0/threaded
FAQ
What is CVE-2007-5441?
CVE-2007-5441 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) addi...
How severe is CVE-2007-5441?
CVE-2007-5441 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5441?
Check the references section above for vendor advisories and patch information. Affected products include: Cmsmadesimple Cms Made Simple.