Cms Made Simple · Cms Made Simple · CVE-2008-5642
**Name of the Vulnerable Software and Affected Versions**
CMS Made Simple version 1.4.1
**Description**
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `cms language` cookie.
**Recommendations**
For CMS Made Simple version 1.4.1, update to a version that fixes this issue. If no specific fix is provided for version 1.4.1, consider restricting access to the admin/login.php file until a patch is available. As a temporary workaround, consider validating and sanitizing the `cms language` cookie to prevent directory traversal attacks.