CVE-2012-6064

Name of the Vulnerable Software and Affected Versions CMS Made Simple versions prior to 1.11.2.1

Description A directory traversal issue exists, allowing remote authenticated administrators to delete arbitrary files by utilizing a .. (dot dot) in the deld parameter. This can be exploited using CSRF to enable remote attackers to delete arbitrary files.

Recommendations For versions prior to 1.11.2.1, update to version 1.11.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the images.php file in the lib/filemanager/imagemanager directory to minimize the risk of exploitation. Avoid using the deld parameter in the affected endpoint until the issue is resolved.