CVE-2007-5441

Published: Oct 14, 2007Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.

Affected (1)

Products: Cmsmadesimple: Cms Made Simple

1 product

Cms Made Simple

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsmadesimple Cms Made Simple	Version 1.1.3.1

Related CWEs

References (8)

http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

Source: cve@mitre.org

http://osvdb.org/45481

Source: cve@mitre.org

http://securityreason.com/securityalert/3223

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/481984/100/0/threaded

Source: cve@mitre.org

http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/45481

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3223

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/481984/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.