Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x
Description
A directory traversal vulnerability exists in CMS Made Simple versions prior to 1.8.1, specifically in the lib/translation.functions.php file. Attackers can exploit this flaw by injecting path traversal sequences (../) into the default_cms_lang parameter when accessing admin scripts such as admin/addbookmark.php. This allows unauthorized users to include and execute arbitrary local files from the server's filesystem, potentially leading to complete system compromise.
Remediation
Immediately upgrade CMS Made Simple to version 1.8.1 or later, which addresses this vulnerability. If immediate upgrade is not possible, implement the following temporary mitigations: (1) Restrict access to the /admin/ directory using web server access controls or IP whitelisting to trusted addresses only. (2) Implement input validation to reject any default_cms_lang parameter values containing directory traversal sequences such as '../', '..\', or encoded variants. (3) Review server logs for suspicious requests containing path traversal attempts in the default_cms_lang parameter. (4) Ensure PHP's open_basedir directive is configured to restrict file access to the web application directory only. Plan and execute the upgrade to version 1.8.1 or later as soon as possible, as temporary mitigations may not provide complete protection.