CVE-2007-5441
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
CMS Made Simple 1.1.3.1 no comprueba los permisos asignados a los usuarios en algunas situaciones, lo cual permite a usuarios remotos autenticados llevar a cabo algunas acciones administrativas, como se ha demostrado (1) añadiendo un usuario mediante una petición directa a admin/adduser.php y (2) leyendo el archivo de registro de administración mediante una petición "admin/adminlog.php?page=1".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-14 CVE Reserved
- 2007-10-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141 | X_refsource_confirm | |
| http://osvdb.org/45481 | Vdb Entry | |
| http://securityreason.com/securityalert/3223 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/481984/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cmsmadesimple Search vendor "Cmsmadesimple" | Cms Made Simple Search vendor "Cmsmadesimple" for product "Cms Made Simple" | 1.1.3.1 Search vendor "Cmsmadesimple" for product "Cms Made Simple" and version "1.1.3.1" | - |
Affected
| ||||||