Description CMS Made Simple 2.2.1 Local File Inclusion Remediation Update to CMS Made Simple 2.2.2 or later. References http://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content Related Vulnerabilities WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21) SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300) WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Remote Code Execution (2.05.01) WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1) WordPress Plugin MyPixs Local File Inclusion (0.3) Severity Medium Classification CWE-94 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Tags File Inclusion