Vulnerability Key Information Vulnerability Name: tinyCMS 1.1.2 (templatel.php) Local File Inclusion Vulnerability Vulnerability Type: Local File Inclusion (LFI) Affected Versions: tinyCMS 1.1.2 and possibly earlier versions Risk Level: Medium CVSS Score: 5.1/10 CVE ID: CVE-2008-4740 CWE ID: CWE-22 CVSS Detailed Score: Impact Score: 6.4/10 Threat Score: 4.9/10 Configuration Requirements: Magic quotes gpc = Off / Register Globals = On Description: A Local File Inclusion vulnerability exists in the statement within the file. Attackers can exploit this by crafting malicious parameters to include and execute arbitrary local files. Vulnerable Code Snippet: Exploitation Examples: Reference Links: http://1scripts.net/php-scripts/index.php?p=6