MidnightBSD

Advisories for simploo

CVE-2011-0635 MEDIUM

Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
simploo simploo_cms 1.3.0
simploo simploo_cms 1.5.0
simploo simploo_cms 1.5.2
simploo simploo_cms *
simploo simploo_cms 1.7.0
simploo simploo_cms 1.2.0