Intrusion Prevention

CMS.Made.Simple.last.module.Command.Injection

Description

This indicates a vulnerability in CMS Made Simple. This vulnerability is caused by an error when the vulnerable software handles a "last_module" parameter passed to an "eval()" call in "lib/adodb_lite/adodb-perf-module.inc.php". It allows remote attackers to execute arbitrary commands.

Affected Products

CMS Made Simple version 1.1.3.1 and prior.

Impact

System compromise, remote command execution.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References

CVE-2007-5056