CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0551

HIGH
7.5
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile12.56th
PublishedJan 29, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.

Affected Platforms (CPE)

πŸ“¦
Cmsmadesimple

Cms Made Simple

= 2.7

References & Advisories

πŸ”— http://osvdb.org/33572
πŸ”— http://securityreason.com/securityalert/2195
πŸ”— http://www.securityfocus.com/archive/1/457668/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31658
πŸ”— http://osvdb.org/33572
πŸ”— http://securityreason.com/securityalert/2195
πŸ”— http://www.securityfocus.com/archive/1/457668/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31658

Related Vulnerabilities

CVE-2010-466310.0

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVE-2017-167839.8

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.

CVE-2017-177359.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.

CVE-2017-177349.8

CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.