0Xn1K5

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.2.7 **Description** A Directory Traversal issue allows an attacker to determine the existence of files and directories outside the web-site installation directory. It also enables checking if a file has contents matching a specified checksum. The attack is carried out using the "admin/checksum.php? c=" API endpoint, specifically targeting the ` c` variable. **Recommendations** For CMS Made Simple version 2.2.7, as a temporary workaround, consider restricting access to the "admin/checksum.php" API endpoint to minimize the risk of exploitation. Avoid using the ` c` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.