CMS.Made.Simple.last.module.Command.Injection
Description
This indicates a vulnerability in CMS Made Simple. This vulnerability is caused by an error when the vulnerable software handles a "last_module" parameter passed to an "eval()" call in "lib/adodb_lite/adodb-perf-module.inc.php". It allows remote attackers to execute arbitrary commands.
Affected Products
CMS Made Simple version 1.1.3.1 and prior.
Impact
System compromise, remote command execution.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |