CVE DATABASE / CVE-2008-5642
CVE-2008-5642
CVSS 5 · MEDIUM
Summary
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
CVSS 2.0 breakdown
| Base score | 5 (MEDIUM) |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Cmsmadesimple cms made simple
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/32924
- http://securityreason.com/securityalert/4775
- http://www.securityfocus.com/bid/32535
- http://www.vupen.com/english/advisories/2008/3306
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46942
- https://www.exploit-db.com/exploits/7285
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.