CVE-2005-2846 Information

Description

PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.

Reference

http://forum.cmsmadesimple.org/index.php/topic1549.0.html http://marc.info/?l=bugtraq&m=112552342004406&w=2 http://secunia.com/advisories/16654/ http://www.securityfocus.com/bid/14709